Botching Human Factors in Cybersecurity in Business Organizations

Human factors remained unexplored and underappreciated in information security. The mounting cyber-attacks, data breaches, and ransomware attacks are a result of human-enabled errors, in fact, 95% of all cyber incidents are human-enabled. Research indicates that existing information security plans do not account for human factors in risk management or auditing. Corporate executives, managers, and cybersecurity professionals rely extensively on technology to avert cybersecurity incidents. Managers fallaciously believe that technology is the key to improving security defenses even though research indicates that new technologies create unintended consequences; nonetheless, technological induced errors are human-enabled. Managers’ current perspective on the human factors problem information security is too narrow in scope and more than a training problem. The management of complex cybersecurity operations accompanied by mounting human factor challenges exceeds the expertise of most information security professionals; yet, managers are reluctant to seek the expertise of human factors specialists, cognitive scientists, and behavioral analysts to implement effective strategies and objectives to reduce human-enabled error in information security.