Human aspects of cyber security: Behaviour or culture change

Adam Joinson, Professor of Information Systems and Tommy van Steen, Post-doctoral Research Associate, School of Management, University of Bath


Click the button below to download the full text of the article.



Abstract: For security professionals, addressing the role of the human in cyber security is becoming ever more important as systems are technically increasingly secure and threat actors shift their focus towards exploiting human vulnerabilities. This paper looks at three ways that the role of humans in cyber security has been addressed and suggests integrating culture, behaviour and the design of security tools and policies to properly define the role of the human in protecting cyber security.


Keywords: cyber security; behaviour change; organisational culture; human vulnerabilities


Adam Joinson holds the post of Professor of Information Systems at the University of Bath, School of Management. His research focuses on the interaction between psychology and technology, with a particular focus on how technology can shape behaviour, social relations and attitudes. Recently this work has covered privacy attitudes and behaviours, the social impact of monitoring technology, computer-mediated communication and the human aspects of cyber security and security compliance. The EPSRC, ESRC, EU, British Academy and UK Government have funded this work. He has published over 80 articles in the field, as well as editing the Oxford Handbook of Internet Psychology (OUP, 2007) and authoring two books on psychology and technology. He is principal investigator for the Cyber-Security Across the LifeSpan project ( and co-investigator for the Centre for Research and Evidence on Security Threats (


Tommy Van Steen is a postdoctoral research associate at the University of Bath, School of Management. His research focuses on advancing behaviour change knowledge and applying behaviour change theories to a variety of themes and behaviours. Currently, this involves applying behaviour change theories to address cyber security questions. These questions include the role of end users, management, and organisational structures that can hinder or support the occurrence of meaningful and lasting behaviour change. His work is funded by the UK Government.

Read this featured article now.
To read this article and receive further updates on Henry Stewart Publications content please register using the form below.