Socio-Technical Cyber Security for Socio-Technical Systems: Human Factors and Other Perspectives

Dear Colleagues,

In today’s digitally hyperconnected world, cases of cyber risk incidents are becoming common occurrences, with the impacts becoming increasingly debilitating. From enterprise systems to critical infrastructure, cyber security risks are increasing and are a primary concern for modern business stakeholders in various fields. Every modern business and organisational system in use today is largely socio-technical in form—comprising goals and values, managerial, psychological, structural, and technical attributes—and are all co-operating and co-interacting to achieve a desired functional or operational objective. Most of these attributes are human-centred or, more technically, human factor-related. With advancing digitisation, automation, and connectivity, research suggests that nearly 90% of cyber breaches are attributed to human error. So, in spite of the steady growth in technology-based security implementations, human error and other human factor-related attributes are still prevalent, causing significant challenges to effective security in socio-technical systems. Typically, system security developers and operators often focus on technical measures and training to manage and control cybersecurity risks, often neglecting the diverse roles and behaviours of human users interacting with the system. While technical security solutions are essential, they are not sufficient on their own. Considering human factors in the wider security approach is crucial for effectively mitigating evolving security risks in socio-technical systems. This means an approach that recognises that human behaviour, cognition, and other non-technical attributes are fundamental elements that must be considered when designing security for today’s socio-technical systems.

This Special Issue will aim to delve into the pivotal role human factors and related attributes play in effectively addressing security issues within socio-technical systems and environment use cases. These can include merging and evolving cyber attacks exploiting human-factors and other non-technical system attributes, including social engineering, ransomware, phishing, fake news, disinformation, misinformation cyber risks, supply chain attacks, AI-driven attacks, human–AI collaboration, as well as psychological strategies, impacts on individuals and organisations, and the implications for national security and economy. This Special Issue will explore various perspectives pertaining to integrating human factor-related security into socio-technical systems—in analyses, modelling, simulation, design, and implementation—reframing the approach from ‘humans are part of the problem’ to ‘humans are part of the solution’ in securing socio-technical systems.

We invite submissions that examine how cognitive hacking, cognitive biases, emerging human factor-related attack strategies, human factors in socio-technical system security design, decision-making processes, AI for cyber security, human factors in the cyber security of AI, human value and trust in system security, social securitisation, the impact of emotional states, and other human factors enable users’ vulnerability to cyber threats. Studies focusing on psychological techniques and tactics employed by cyber attackers, strategies to enhance user resilience against human facto-related attacks, studies leveraging psychological insights to develop human-centric security measures, such as technologies, tools, methods for enhancing privacy, and training and awareness programmes are all also welcome. 

This interdisciplinary Special Issue aims to advance knowledge at the intersection of cyber security, psychology, management, technology, law, and ethics. It aspires to contribute to the more effective reasoning, design, and implementation of cyber security while accounting for human factors in socio-technical systems, thus helping to establish a safer online environment for performing business across critical national infrastructure sectors. The insights and approaches from this timely collection of research work will be of immense benefit to researchers, practitioners, and policymakers. 

We look forward to receiving your contributions.

Dr. Uchenna Daniel Ani
Prof. Dr. Hongmei He
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Systems is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

• human factor-related security
• socio-technical systems
• cyber security
• human behaviour
• privacy protection
• security risk management