Cyber-security, which plays a key role in all areas of the digital world, from the power grid to healthcare, is mainly addressed from an analytical, engineering perspective. This research looks at social factors impacting real-life cyber-security, and their possible effects, such as resilience and emergence. Semi-structured interviews were conducted with 20 participants from a broad range of international organisations. Their analysis shows that social factors are indeed relevant to cyber-security. Tension within social structures in organisations (e.g., employee-supervisor relationship, and peer pressure within teams) can significantly impact cyber-security effectiveness. The study concludes that cyber-security should be addressed through social-technical system design, in recognition of the fundamental interdependence of social and technical aspects. As a corollary, organisational cyber-security needs to be treated as a so-called wicked problem, for which a reductionist engineering approach is futile. The complexity and ambiguity of cyber-security’s socio-technical challenges calls for adequate principles, ways of thinking and methods.

Paper Number



Track 15: Student Track