Mixed methods research approach and experimental procedure for measuring human factors in cyber security using phishing simulations

As cyberattacks increasingly disrupt business operations, organizations are putting more emphasis on human factors—training and evaluating individuals to reduce potential risks. Phishing experiments, which use deceptive messages to lure people into performing actions that serve the attacker, have emerged as an effective, scalable means of assessing these human factors. Despite the wealth of knowledge about phishing—its mechanics and how to counteract it—the specifics of setting up simulated phishing experiments are rarely discussed. This paper introduces a mixed-methods approach for conducting such experiments, offering an in-depth look at the procedural, technological, ethical, and legal elements involved. The proposed methodology draws on both academic studies and hands-on experience in public and private sector organizations. The paper further examines the opportunities and challenges associated with phishing experiments, providing guidance for future research.

