Designing an AI-Driven Framework for Human-Centered Cybersecurity Practices
Abstract
Cybersecurity systems are often fragmented and difficult to navigate, leaving organisations, particularly small and medium-sized enterprises (SMEs), struggling to implement effective, human-centered, and resilient security practices. End users face dispersed resources, complex regulatory requirements, and limited practical guidance, resulting in uneven levels of preparedness and cyber hygiene. These gaps undermine decision-making, organisational resilience, and the effectiveness of certification and compliance processes. To address these challenges, the paper proposes a holistic, conceptual framework that integrates human-centered principles with explainable artificial intelligence (AI) and system-level collaboration. Drawing on established approaches in human-centered security, privacy-by-design, resilience engineering, regulatory science, and AI-driven decision support, the framework aligns with the European Cybersecurity Skills Framework (ECSF). It synthesises insights from cross-sector analyses, socio-technical modelling, and European cybersecurity initiatives that emphasise interoperability and human factors. The framework is structured around five interconnected components: (i) a human-centered decision-support layer using explainable AI; (ii) a harmonised catalogue of cybersecurity, training, and regulatory resources; (iii) an interoperability and collaboration layer enabling structured, machine-readable information exchange; (iv) an adaptive learning and training component aligned with behavioural and competency models; and (v) a trust-by-design compliance engine supporting certification and conformity assessment. The analysis shows that combining human factors with explainable AI produces clearer, more actionable guidance while reducing cognitive and operational burden. Interoperability and collaboration mechanisms help overcome fragmentation, while adaptive learning pathways tailor support to skill levels and organisational maturity.
Overall, the framework reframes cybersecurity as a socio-technical system shaped by people, regulation, and collaboration. Future work will empirically validate the framework across diverse organisational contexts to assess its practical impact.
Keywords: Human-centered Cybersecurity, Explainable AI, Socio-technical Systems, Cyber Resilience, Certification Processes, Behavioural Cybersecurity, Adaptive Training, Collaborative Frameworks
DOI: 10.54941/ahfe1007417


AHFE Open Access