Draft:Psychology of Cybersecurity

Review waiting, please be patient. This may take 7 weeks or more, since drafts are reviewed in no specific order. There are 2,767 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · Psychology of Cybersecurity (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 2 days ago by Kaolay (talk: D · +) · Last edited 2 days ago by Kaolay

Submission declined on 7 December 2025 by Qcne (talk). Your draft shows signs of having been generated by a large language model, such as ChatGPT. Wikipedia guidelines prohibit the use of LLMs to write articles from scratch. In addition, LLM-generated articles usually have multiple quality issues, to include: Promotional tone, editorializing and other words to watch Vague, generic, and speculative statements extrapolated from similar subjects Essay-like writing Hallucinations (plausible-sounding, but false information) and non-existent references Close paraphrasing Please address these issues. The best way is usually to read reliable sources and summarize them, instead of using a large language model. See our help page on large language models. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Qcne 2 months ago. Last edited by Kaolay 2 days ago. Reviewer: Inform author. This draft has been resubmitted and is currently awaiting re-review.

Submission declined on 31 October 2025 by Pythoncoder (talk). Your draft shows signs of having been generated by a large language model, such as ChatGPT. Wikipedia guidelines prohibit the use of LLMs to write articles from scratch. In addition, LLM-generated articles usually have multiple quality issues, to include: Promotional tone, editorializing and other words to watch Vague, generic, and speculative statements extrapolated from similar subjects Essay-like writing Hallucinations (plausible-sounding, but false information) and non-existent references Close paraphrasing Please address these issues. The best way is usually to read reliable sources and summarize them, instead of using a large language model. See our help page on large language models. Declined by Pythoncoder 3 months ago.

Submission declined on 24 October 2025 by GreenRedFlag (talk). Still AI generated text present, please rewrite following Wikipedia guideline and also add secondary (Scholarly reviews, meta-analyses, textbooks, or journalistic summaries that interpret or contextualize multiple primary works.) citations. Your draft shows signs of having been generated by a large language model, such as ChatGPT. Wikipedia guidelines prohibit the use of LLMs to write articles from scratch. In addition, LLM-generated articles usually have multiple quality issues, to include: Promotional tone, editorializing and other words to watch Vague, generic, and speculative statements extrapolated from similar subjects Essay-like writing Hallucinations (plausible-sounding, but false information) and non-existent references Close paraphrasing Please address these issues. The best way is usually to read reliable sources and summarize them, instead of using a large language model. See our help page on large language models. Declined by GreenRedFlag 4 months ago.

Submission declined on 13 September 2025 by Aydoh8 (talk). Your draft shows signs of having been generated by a large language model, such as ChatGPT. Wikipedia guidelines prohibit the use of LLMs to write articles from scratch. In addition, LLM-generated articles usually have multiple quality issues, to include: Promotional tone, editorializing and other words to watch Vague, generic, and speculative statements extrapolated from similar subjects Essay-like writing Hallucinations (plausible-sounding, but false information) and non-existent references Close paraphrasing Please address these issues. The best way is usually to read reliable sources and summarize them, instead of using a large language model. See our help page on large language models. Declined by Aydoh8 5 months ago.

• Comment: Do not use ChatGPT to write Wikipedia articles. qcne (talk) 19:08, 7 December 2025 (UTC)COMMENT: i'havent use any LLM this is only made by me!

The psychology of cybersecurity (often intersecting with usable security and cyberpsychology) is an interdisciplinary field studying how human behavior, cognitive biases, and social dynamics influence information security. While traditional cybersecurity focuses on hardware and software vulnerabilities, this discipline addresses the "human factor," which is frequently exploited in cyberattacks.^[1] It draws primarily from cognitive psychology, behavioral economics, and human–computer interaction.

The challenge of human behavior in computing was noted as early as the 1960s with multi-user mainframes like the Compatible Time-Sharing System (CTSS). In 1966, a software error on CTSS caused the system's master password file to be displayed to every user upon login—one of the earliest documented security incidents attributable to a combination of system design and human factors.^[2] Even before this incident, system administrator Fernando Corbató had observed that users found passwords fundamentally burdensome and routinely circumvented them. Decades later, Corbató acknowledged that the password system had become unmanageable at scale.^[3]

These behaviors gained broader significance in the 1990s as the Internet became widely accessible. High-profile incidents involving figures like Kevin Mitnick demonstrated that exploiting human trust through social engineering (such as pretexting over the phone) was often more efficient than attempting technical exploits.^[4]

Much of the psychology of cybersecurity focuses on decision-making under stress or uncertainty. Researchers apply frameworks like Daniel Kahneman's dual process theory to explain why individuals fall for phishing or business email compromise (BEC). Threat actors typically design malicious communications to trigger fast, emotional "System 1" thinking—using urgency, authority, or panic—which prompts users to click a link or wire funds before their analytical "System 2" can assess the situation's legitimacy.^[5]

The effectiveness of phishing at scale has been documented in industry research. The 2016 Verizon Data Breach Investigations Report found that in controlled simulations, approximately 30% of phishing emails were opened by their targets, and 12% of recipients proceeded to click the malicious attachment or link. The median time for the first user in an organization to open a phishing email was 1 minute and 40 seconds.^[6]

Several well-documented psychological phenomena actively influence daily security practices:

• Cognitive biases: The optimism bias often leads users to believe they are unlikely to be targeted by cybercriminals, resulting in lax password practices or delayed software updates. The availability heuristic can cause individuals to focus on highly publicized, sophisticated threats while ignoring common, statistically probable risks like credential reuse.^[7]
• Social influence: Attackers leverage established principles of persuasion, such as those categorized by Robert Cialdini. Impersonating a CEO leverages the psychological trigger of authority, while fake tech support scams often use reciprocity (offering to fix a small problem before asking for network credentials).^[8]

In today's digital workplace, cybersecurity is a cornerstone of organizational stability, underpinning efforts to protect sensitive data and ensure compliance with increasingly stringent regulatory frameworks. However, as cybersecurity measures evolve, employees tasked with implementing and maintaining these systems face growing challenges. This has led to cybersecurity fatigue, a state of mental and emotional exhaustion arising from repeated exposure to security demands.

A primary example is alert fatigue, heavily documented among both end-users and security operations center (SOC) analysts. Continuous exposure to browser warnings or antivirus pop-ups, particularly those that are false positives, conditions users to habituate to the alerts and dismiss them automatically without reading the content.^[9] The scale of this problem is significant in enterprise settings: industry surveys have estimated that SOC teams in large organizations receive thousands of alerts daily, a substantial proportion of which turn out to be false positives, meaning that genuinely malicious indicators are frequently buried in noise.^[10]

Similarly, Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log in to a computer at work. Users cope with the memory burden by making predictable, iterative changes to their passwords (such as updating "Password01!" to "Password02!"), which actually decreases overall network security.^[11]

Within corporate environments, these behavioral patterns create a "compliance budget." Beautement, Sasse, and Wonham introduced the concept through field research at a large European organization, where they observed that employees routinely emailed sensitive documents to personal accounts because the approved secure file transfer system required a cumbersome multi-step process. The researchers argued that security policies carry a hidden cost that competes directly with productivity: each additional security measure draws from a finite reserve of employee willingness to comply. Once this budget is exhausted, employees default to insecure workarounds regardless of training or awareness campaigns.^[12] This phenomenon, in which employees adopt unauthorized tools or cloud services to circumvent perceived obstacles, is often referred to as Shadow IT.

• Cyberpsychology
• Human factors and ergonomics
• Usable security
• Information security awareness
• Password psychology
• Behavioral economics

• Anderson, Ross (2020). Security Engineering: A Guide to Building Dependable Distributed Systems (3rd ed.). Wiley. ISBN 978-1119642787.
• Cranor, Lorrie Faith; Garfinkel, Simson (2005). Security and Usability: Designing Secure Systems that People Can Use. O'Reilly Media. ISBN 978-0596008277.
• Schneier, Bruce (2015). Secrets and Lies: Digital Security in a Networked World. Wiley. ISBN 978-1119092438.

• CyLab Usable Privacy and Security Laboratory — Carnegie Mellon University
• USENIX Symposium on Usable Privacy and Security (SOUPS)
• NIST Usable Cybersecurity Program