The Human Factor in Cyber Resilience: Behavioural, Organisational and Sociotechnical Perspectives
Abstract
Organisations increasingly recognise that cyber resilience cannot be achieved through technical controls alone, but critically depends on how individuals perceive and enact security requirements in everyday work. This paper synthesises current knowledge on the human factor in cyber resilience at the intersection of behaviour, organisational culture and sociotechnical design. First, core constructs are clarified by linking cyber resilience with established approaches from human factors and work and organisational psychology, including stress and cognitive load, trust and the psychological contract, security culture and human–technology interaction. On this basis, three levels of analysis are distinguished: an individual level (psychological resources and decision processes), an organisational level (leadership, culture, work organisation, perceived fairness and support) and a sociotechnical level (design of technologies, interfaces and digital assistance systems). Second, the paper conducts a structured narrative review of recent empirical and conceptual literature, drawing on seven scientific databases and restricted to peer-reviewed publications from 2023 onwards, to synthesise recurring psychological and organisational mechanisms that influence security‑relevant behaviour. Particular attention is paid to tensions between productivity pressures and security demands, as well as to the roles of emotions, fatigue and habituation in real‑world decision making. Third, the contribution formulates a literature‑based research agenda that highlights key priorities for future interdisciplinary research and for the development of resilience‑oriented awareness programmes, leadership practices, work organisation and adaptive sociotechnical solutions.
Keywords: Cyber Resilience, Cybersecurity, Human Behaviour, Organisational Culture, Sociotechnical Systems
DOI: 10.54941/ahfe1007419
AHFE Open Access