Human Factors in Addressing Cybersecurity Incidents
Ait Kassou, Safae Ali (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-2025071823643
Abstract
Cybersecurity incidents are an escalating global challenge, with human factors remaining the leading cause of breaches despite significant advances in technical defenses. This thesis explores how individual behaviors, organizational practices, and cultural attitudes contribute to cybersecurity vulnerabilities. Through a qualitative approach, the research combines a structured literature review with in-depth analysis of three major case studies—WannaCry, Sony Pictures, and Equifax—to identify recurring patterns of human error, such as weak passwords, insufficient training, and poor communication.
Drawing on established frameworks like the NIST Cybersecurity Framework and ISO/IEC 27001, as well as behavioral models including the Theory of Planned Behavior and Human Error Models, the study demonstrates that technology alone cannot address the full spectrum of cybersecurity risk. The findings reveal that effective resilience depends on integrating human-centered strategies: tailored employee training, simplified security policies, and fostering a robust security culture that aligns with real-world workflows and cognitive limitations.
By emphasizing the interplay between human behavior and technical systems, this thesis offers actionable recommendations for organizations seeking to reduce risk and improve incident response. The research underscores the necessity of treating human factors as a foundational element of cybersecurity, not a supplementary concern. Ultimately, the study contributes to a more balanced and resilient approach to digital security—one that recognizes people as both a source of vulnerability and a critical line of defense.