Description
In this Research Topic, we have tried to present an alternative but highly complementary view to the almost total focus on purely technical solutions in cybersecurity, namely that cybersecurity attacks ultimately succeed because they target the cognitive and behavioural vulnerabilities of ordinary users, and that for attacks to be prevented (at best) or mitigated (at least), user-focused techniques must be researched, fostered and developed.

The small but growing band of dedicated researchers and practitioners in human factors in cybersecurity is making real inroads into developing a holistic view on how fundamental psychological principles (cognition, behaviour, perception, motivation and emotion, to name but a few) can be readily understood within a sociotechnical context to be the primary basis for embracing a security-by-design philosophy.

Humans are complex beasts. They are motivated by a range of conscious factors and unconscious biases into making decisions that are highly exploitable by cybercriminals. Phishing texts, for example, are carefully designed to create a sense of urgency in the receiver, while malware delivery relies on the routinised habit of clicking on links. More generally, scammers exploit our inability to reconcile conflicting information in time-pressured circumstances, and our susceptibility to buying overpriced commodities during a market bubble, as described in greater fool theory.

If there is one conclusion that we can draw from the body of work pre...