Title: Human Factors Make or Break Cybersecurity!
Authors: Ilkka Tikanmäki, Harri Ruoslahti
Year: 2024
Volume: 55
Pages: 245-259
Keywords: human factors, HF, social engineering, Cybersecurity, cognitive, organisational culture
Abstract:

Social engineering attacks often exploit human traits like trust or fear, targeting network devices and personnel. Human vulnerabilities often stem from carelessness, unintentional errors, or lack of awareness. This study investigates how these and other human factors influence cybersecurity while also recognising the role of technology. Threats due to human elements, such as social engineering, cognition, and organisational security cultures, and outside influences, e.g., intentional cybercrime and phishing, can be countered with cyber skills and training. This research looks at prior findings in the areas of individual differences, such as intelligence, cognition, personality traits, and personal cybersecurity behaviours. Organisational factors, such as resource allocation, legal requirements, and technology design, are critical components that influence cybersecurity. This study notes the interconnectedness of the fields of cybersecurity, privacy, and application security. Based on a review of project deliverables, this study highlights cognitive biases, compulsive internet usage, cyberloafing, and password vulnerabilities as significant recognised challenges. Additionally, the study delves into organisational implications, including the role of, e.g., organisational culture in risk mitigation and the impact of Bring Your Own Device policies on security. Ultimately, the findings underscore the importance of holistic approaches to cybersecurity, integrating human, organisational, technological, legal, and ethical considerations.