Cyberattacks are not only becoming more frequent, but also more technologically sophisticated – propelled in part by new tools like generative AI and machine learning (ML). However, 95% of cyber incidents still stem from human error, and cyber criminals exploit this vulnerability to carry out their activities. With over 5.4 billion people active in Cyberspace every day, understanding the nuances of human behavior is crucial for enhancing cybersecurity and developing a safe Cyberspace.

Cyberspace consists of three layers: (I) the physical infrastructure supported by hardware; (II) the logical software that processes data and information; and (III) the cyber identity that’s shaped by how people represent themselves and behave in Cyberspace. In the past, cybersecurity efforts have effectively secured the physical and logical layers with tools like firewalls and antivirus software. However, most cyberattacks target the cyber identity layer through deception and psychological manipulation, enabling criminals to compromise the security of the other two layers to acquire financial reward or access to sensitive data. 

The epitome of this psychological manipulation is phishing – a social engineering tactic that tricks users into exposing their information. A common example is when a criminal gains a victim’s trust and access to their personal information by impersonating a close friend or potential employer. Phishing is the most common cyberattack method globally, representing 41% of all incidents and leading to the costliest data breaches, according to the IBM Security X-Force Threat Intelligence Index 2023. Social engineering is underpinned by an understanding of the human mind and the ability to take advantage of vulnerabilities in users’ cyber identities. As such, psychology is a critical tool for addressing adverse behaviors in Cyberspace, from cybercrime to bullying, exploitation, and abuse.

Cyber psychology, a field that examines how humans interact with and develop in tandem with technology, suggests that anonymity and invisibility can lead to disinhibited behaviors or actions that flout social contracts and norms. In the context of cybercrime, this leads to impulsivity and a lack of empathy among perpetrators, while victims are often lured by seemingly trustworthy sources that are actually masked criminals.  

Understanding these behavioral dynamics is crucial to defend against risks, particularly for vulnerable communities like children. Today, one in six school-aged children experiences cyberbullying, according to a World Health Organization (WHO) study conducted across 44 countries. Addressing issues like this requires more than just technical solutions; it requires a comprehensive understanding of cyber psychology to develop strategies that both mitigate adverse behaviors in Cyberspace and empower users to protect themselves.

While still a relatively new discipline, cyber psychology holds vast potential to contribute to a safer, more resilient Cyberspace in the long-term by enhancing defensive strategies, supporting skills development, and fostering capacity building in cybersecurity. However, tackling issues like crime, bullying, and abuse in Cyberspace also requires an international, multidisciplinary approach.

As cyber psychology continues to evolve, the Global Cybersecurity Forum (GCF) aims to contribute to this process by providing a platform for stakeholders and experts from around the world to exchange ideas and harness psychological insights to address key issues like crime, exploitation, and abuse.

The application of human psychology to cybersecurity can empower both ordinary people and security professionals with a better understanding of how to identify threats, understand malicious intentions, and enhance the resilience of Cyberspace. In the long-term, this will not only contribute to enhancing training and awareness programs globally but also strengthen the overall security of Cyberspace to ensure humanity’s wellbeing.

Join the conversation at the GCF Annual Meeting on October 2-3, 2024, at the Ritz-Carlton, Riyadh. And share your thoughts below on how we can harness cyber psychology to build a safer, more resilient Cyberspace for all.