Behavior
Human behavior in cybersecurity encompasses the full spectrum of conscious and unconscious actions and decisions made by individuals that can either protect or compromise digital assets. This includes everything from adhering to security policies and identifying phishing attempts to unintentionally clicking malicious links or intentionally misusing data. Understanding these behavioral patterns—including cognitive biases, human error, and compliance attitudes—is paramount for developing effective security awareness programs, mitigating insider threats, and building a resilient security culture.
What is human behavior in cybersecurity?
In the context of cybersecurity, behavior refers to the actions, habits, decisions, and responses of individuals (employees, end users, contractors, and even attackers) that directly affect the security posture of an organization or system. These behaviors can be deliberate, such as checking a multi-factor authentication prompt before approving it rather than tapping "approve" reflexively, or involuntary, such as falling for social engineering because of cognitive biases like urgency or authority bias. Organizations such as the National Institute of Standards and Technology (NIST) and the SANS Institute have long emphasized that technology alone cannot secure systems: human behavior is a fundamental variable in the security equation.
Why is human behavior critical in cybersecurity?
Human behavior is widely described as the largest attack surface in any organization. Research cited by the Cybersecurity & Infrastructure Security Agency (CISA) attributes the majority of successful cyberattacks to some form of human error or manipulation, whether that is a clicked link, a reused password, or a misconfiguration made in a hurry. Key reasons why behavior is critical include:
- Phishing and social engineering: Attackers exploit human psychology—trust, fear, curiosity—to bypass even the most sophisticated technical defenses.
- Insider threats: Whether malicious or negligent, insiders with access to sensitive data can cause catastrophic breaches through their behavior.
- Compliance gaps: Even well-documented security policies are only as effective as the people who follow them. Behavioral non-compliance creates systemic vulnerabilities.
- Security culture: The collective behavior of an organization's workforce defines its security culture, which either reinforces or undermines its technical safeguards.
How can security behavior in the workplace be improved?
Improving security behavior requires a multi-layered approach that goes beyond traditional awareness training. Effective strategies include:
- Continuous security awareness training: Regular, engaging, and scenario-based training programs help employees recognize and respond to threats in real time.
- Phishing simulations: Periodic simulated phishing campaigns allow organizations to measure behavioral change and identify at-risk individuals.
- Behavioral nudging: Implementing subtle design cues and reminders—such as password strength indicators or just-in-time security tips—can guide users toward safer choices.
- Positive reinforcement: Rewarding secure behavior rather than only punishing mistakes fosters a culture where employees feel empowered to report incidents and ask questions.
- Clear and accessible policies: Security policies should be written in plain language and integrated into daily workflows so compliance becomes a natural part of work routines.
For example, an organization might reduce credential-related risks by combining training on password hygiene with the deployment of a password manager, making secure behavior the path of least resistance.
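As an added example that is not part of the original page, the following Python script computes the metrics a phishing-simulation program would track across campaigns: click, credential-submission and report rates per campaign, the trend between the first and last campaign, and the users who clicked repeatedly. The record layout, campaign names and user IDs are constructed for illustration.

```python
"""Measure behavioral change from simulated-phishing campaigns.

Added example, not from the original page. The record format, campaign
names and user IDs below are assumptions constructed for illustration.
"""
from collections import defaultdict

# Constructed sample data: one row per user per campaign.
#   clicked    -> followed the lure link
#   submitted  -> entered credentials on the landing page
#   reported   -> used the report-phishing button
RESULTS = [
    # campaign,  user,    clicked, submitted, reported
    ("2024-Q1", "alice", True,  True,  False),
    ("2024-Q1", "bob",   True,  False, False),
    ("2024-Q1", "carol", False, False, True),
    ("2024-Q1", "dave",  True,  True,  False),
    ("2024-Q2", "alice", True,  False, False),
    ("2024-Q2", "bob",   False, False, True),
    ("2024-Q2", "carol", False, False, True),
    ("2024-Q2", "dave",  True,  True,  False),
    ("2024-Q3", "alice", False, False, True),
    ("2024-Q3", "bob",   False, False, True),
    ("2024-Q3", "carol", False, False, True),
    ("2024-Q3", "dave",  True,  False, False),
]


def campaign_metrics(results):
    """Return {campaign: {"click_rate", "submit_rate", "report_rate"}}."""
    per = defaultdict(lambda: {"n": 0, "clicked": 0, "submitted": 0, "reported": 0})
    for campaign, _user, clicked, submitted, reported in results:
        row = per[campaign]
        row["n"] += 1
        row["clicked"] += clicked      # bools add as 0/1
        row["submitted"] += submitted
        row["reported"] += reported
    return {
        c: {
            "click_rate": r["clicked"] / r["n"],
            "submit_rate": r["submitted"] / r["n"],
            "report_rate": r["reported"] / r["n"],
        }
        for c, r in per.items()
    }


def repeat_clickers(results, threshold=2):
    """Users who clicked in at least `threshold` campaigns.

    These are the candidates for targeted coaching; blanket retraining of
    everyone who clicked once is mostly noise."""
    clicks = defaultdict(int)
    for _campaign, user, clicked, _submitted, _reported in results:
        if clicked:
            clicks[user] += 1
    return sorted(u for u, n in clicks.items() if n >= threshold)


def trend(metrics, key="click_rate"):
    """Change in a rate from the earliest to the latest campaign.

    Campaign IDs sort chronologically here; a negative click-rate trend and a
    positive report-rate trend are the behavioral change the program wants."""
    ordered = sorted(metrics)
    return metrics[ordered[-1]][key] - metrics[ordered[0]][key]


if __name__ == "__main__":
    m = campaign_metrics(RESULTS)
    for campaign in sorted(m):
        print(campaign, {k: round(v, 2) for k, v in m[campaign].items()})
    print("click-rate trend:", trend(m))
    print("report-rate trend:", trend(m, "report_rate"))
    print("repeat clickers:", repeat_clickers(RESULTS))
```

The two numbers worth watching are the report rate rising while the submit rate falls, which is the change the program exists to produce, and the repeat-clicker list, which is the input to one-on-one coaching rather than another organization-wide module.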
When does risky security behavior most commonly occur?
Risky behavior tends to spike under specific conditions:
- High workload and stress: When employees are under pressure to meet deadlines, they are more likely to cut corners—such as bypassing VPN connections or sharing credentials for convenience.
- Onboarding and role transitions: New employees or those changing roles may lack familiarity with security protocols, making them more susceptible to mistakes.
- Remote and hybrid work: Working outside the controlled office environment introduces risks such as unsecured Wi-Fi networks, shared devices, and reduced oversight.
- After hours and fatigue: Cognitive fatigue reduces vigilance, making individuals more likely to click on suspicious links or ignore security warnings.
- During organizational change: Mergers, layoffs, or restructuring can erode trust and morale, increasing the likelihood of both negligent and intentional security violations.
Which human behaviors are most detrimental to cybersecurity?
Research in human-computer interaction and information security consistently identifies several behaviors as the most damaging:
- Clicking on phishing links: An employee clicks on a phishing link in an email and inadvertently installs malware that gives the attacker an initial foothold from which to move laterally across the network.
- Password reuse and weak passwords: A user reuses one weak password across multiple critical accounts; once it leaks from any of them, attackers replay it against the others (credential stuffing) and log in without needing to crack anything.
- Ignoring software updates: Delaying or dismissing security patches leaves known vulnerabilities exposed to exploitation.
- Unauthorized data sharing: Sending sensitive files via personal email or unapproved cloud services creates data leakage risks.
- Tailgating and physical security lapses: Allowing unauthorized individuals to enter secure areas undermines physical and digital security alike.
- Shadow IT: Using unauthorized applications or devices introduces unmonitored entry points into the organization's infrastructure.
Addressing these behaviors requires a holistic strategy that combines technology, policy, and ongoing interventions informed by behavioral science to build a resilient security posture.
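On the technology side of that strategy, here is an added example that is not part of the original page: a small Python detector for the credential-stuffing pattern that password reuse enables, namely one source address failing once each against many different accounts in a short window, followed by a success when a reused password matches. The log format, thresholds, usernames and addresses are assumptions constructed for illustration (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).

```python
"""Spot credential-stuffing patterns in authentication logs.

Added example, not from the original page. The log format, thresholds,
usernames and addresses below are assumptions constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_failed|auth_ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log. One source walks a list of usernames with a single
# failure each (a leaked credential list being replayed) and finally succeeds;
# one legitimate user fat-fingers a password twice on a single account.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth_failed user=alice src=203.0.113.5
2024-05-01T10:00:02Z auth_failed user=bob src=203.0.113.5
2024-05-01T10:00:02Z auth_failed user=carol src=203.0.113.5
2024-05-01T10:00:03Z auth_failed user=dave src=203.0.113.5
2024-05-01T10:00:04Z auth_failed user=erin src=203.0.113.5
2024-05-01T10:00:05Z auth_ok user=erin src=203.0.113.5
2024-05-01T10:00:10Z auth_failed user=frank src=198.51.100.7
2024-05-01T10:00:15Z auth_failed user=frank src=198.51.100.7
2024-05-01T10:00:20Z auth_ok user=frank src=198.51.100.7
2024-05-01T11:30:00Z auth_failed user=grace src=198.51.100.9
"""


def parse(log_text):
    """Parse lines into (timestamp, event, user, src) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # real logs carry noise; skip lines that do not match
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["event"], m["user"], m["src"]))
    events.sort(key=lambda e: e[0])
    return events


def stuffing_sources(events, distinct_users=4, window_s=60):
    """Sources that fail against >= distinct_users accounts within window_s seconds.

    Spraying many accounts with one attempt each is the signature of replayed
    credentials; a legitimate user retrying a mistyped password hits one
    account repeatedly, so a plain failure count would confuse the two."""
    recent = defaultdict(deque)  # src -> deque of (ts, user) failures in window
    flagged = set()
    for ts, event, user, src in events:
        if event != "auth_failed":
            continue
        q = recent[src]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len({u for _, u in q}) >= distinct_users:
            flagged.add(src)
    return sorted(flagged)


def successes_after_spray(events, sources):
    """Accounts that logged in from a flagged source: the reused password worked.

    These need a forced password reset and session revocation, not a warning."""
    return sorted({user for _, event, user, src in events
                   if event == "auth_ok" and src in sources})


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    srcs = stuffing_sources(ev)
    print("stuffing sources:", srcs)
    print("compromised accounts:", successes_after_spray(ev, srcs))
```

The threshold on distinct usernames, not on raw failures, is the point: per-account lockouts do not fire on one attempt per account, which is exactly why attackers spread reused credentials thinly across many users.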