Governing the human factor in cybersecurity: A regulatory perspective

Open Access
Article
Conference Proceedings
Authors: Dusko MilojevicJan De BruyneMaja Nisevic
Abstract

In an increasingly interconnected world, cyberattacks have emerged as one of the most pressing global threats, endangering critical infrastructure, compromising sensitive data, and disrupting essential services across sectors. As a result, cybersecurity has become a key policy priority at all levels of governance. In response, the European Union (EU) adopted, inter alia, the Cybersecurity Strategy for the Digital Decade and significantly expanded its legislative framework to strengthen cybersecurity requirements through both horizontal and sector-specific regulatory instruments. Alongside policy instruments, cybersecurity efforts have emphasised technical measures to address the evolving cybersecurity threat landscape. However, there is growing recognition that cybersecurity cannot be effectively understood or addressed solely through technical measures. Cybersecurity posture depends not only on technological safeguards but also, fundamentally, on the so-called ‘human factor’. Against this backdrop, this article examines how the human factor is conceptualised and addressed within the EU’s cybersecurity legal frameworks. Adopting a qualitative, interdisciplinary approach grounded in doctrinal legal research, the article analyses the regulatory treatment of the human factor within EU cybersecurity law. It contributes to broader debates on cybersecurity governance by identifying regulatory gaps, proposing recommendations for better integrating human-centred cybersecurity strategies into EU regulatory frameworks, and outlining avenues for future research to strengthen cybersecurity resilience.

Keywords: Human Factor, Cybersecurity, Regulatory Governance

DOI: 10.54941/ahfe1007413

Cite this paper
Downloads
0
Visits
1
Download PDF

More from this volume

Calibrating Trust in AI-Driven Cyber Defenses: Human Reliance, Resistance, and Decision DynamicsAssessing Trust in Digital Service Engineering: An Empirical Case Study of Public CCTV Analytics in Germany
View all articles in Human Factors in Cybersecurity