Investigating the Role of Human Behavior in Breach Incidents Across Critical Infrastructure Sectors

Authors

  • Fabian Schulz, Cybersecurity Analyst, Germany

Keywords:

Human Behavior, Cybersecurity Breaches, Critical Infrastructure, Insider Threats, Social Engineering, Resilience

Abstract

Human behavior is a central factor in the majority of cybersecurity breaches affecting critical infrastructure sectors such as energy, healthcare, transportation, and finance. While technological vulnerabilities often dominate discussions, studies indicate that employee mistakes, insider threats, and social engineering contribute to more than 80% of incidents. This paper examines the relationship between human actions and breach incidents across critical infrastructures. It emphasizes behavioral vulnerabilities, social manipulation techniques, organizational culture, and resilience practices. Findings suggest that effective mitigation requires not only technical defenses but also comprehensive human-centered policies, continuous training, and cultural adaptation within organizations.

Published

2025-01-21