Systems, Vol. 13, Pages 280: Exploring Heuristics and Biases in Cybersecurity: A Factor Analysis of Social Engineering Vulnerabilities



Systems doi: 10.3390/systems13040280

Authors:
Valerică Greavu-Şerban
Floredana Constantin
Sabina-Cristiana Necula

Cybersecurity threats increasingly exploit cognitive heuristics, yet their structured role in security decision-making remains underexplored. This study examines how heuristic-driven behaviors influence vulnerability to cyberattacks, particularly in social engineering contexts. Using Exploratory Factor Analysis (EFA), followed by Confirmatory Factor Analysis (CFA), we identified two key cognitive dimensions that shape security decisions: risk perception, and compliance and security. Regression and mediation analyses revealed that risk awareness influences protective behaviors, but a security paradox persists: many users recognize risks yet fail to act accordingly. Clustering techniques further classified individuals into distinct cybersecurity profiles, highlighting variations in susceptibility. This research bridges cognitive psychology and cybersecurity, offering insights for designing more effective awareness programs and interventions. Understanding these cognitive vulnerabilities is essential for improving cybersecurity resilience and risk mitigation strategies.


