Measuring psychosocial and behavioural factors improves attack potential estimates

Cyber risk assessment standards and methodologies do not consider psychological, social and behavioural parameters in their classifications of the attackers’ types, profiles, and competencies. In this paper, we present a holistic, multidimensional approach to examine the likelihood for an attackers’ behaviour to occur by considering all influential factors (e.g., technical, social, behavioural, psychological). Furthermore, the quantification of the attackers’ behaviours may lead to better estimate attacks’ potential.