Security: Human nature and behaviour

In this chapter we use a social psychology approach to discuss people’s behaviour in relation to cybersecurity, by considering human errors, personality traits, the relationship between attitude and behaviour and the influence of social and situational factors. Human error has been widely studied in literature, especially in aviation and health care fields. Regardless of the area involved, analysing human factors is fundamental to understand the causes of accidents. With respect to cybersecurity, in fact, human errors—deriving from, e.g., work pressure, distraction, lack of awareness, organizational factors—can be considered one of the most important causes of security breaches. Moreover, looking at the relationship between attitude and behaviour, we can see how individuals do not always behave in coherence with their beliefs. A global perspective in investigating human factors within organizations requires considering the work environment. Furthermore, an increasingly technological context exposes individuals to different stimuli and stressors, generating critical conditions—such as information overload and technostress—affecting individuals’ behaviour. Therefore, for effective adoption of secure behaviour, the management of employees’ well-being has to be included in cybersecurity awareness programmes.