In the current digital age, businesses face an increasing number of cyber risks that threaten their operations, customers, and reputation. One of the key areas that businesses need to focus on is cybersecurity. Since over 2/3 of cyberattacks are based on social engineering rather than brute force technology, behavioural data science becomes a powerful tool, which can help organisations and individuals to prevent cyberattacks.
The main advantage of looking at cyber security through the prism of behavioural data science from the organisational perspective is that behavioural data science allows us to consider cyber security risks and vulnerabilities across different dimensions; as well as suggests ways how to discover new risks and vulnerabilities by looking at the wider ecosystem of issues beyond data and technology.
Behavioural data science focuses not only on how new risks and vulnerabilities could be detected but also on how humans perceive them and how those perceptions can misrepresent the actual threats leading to under- or overreaction when responses to threats are formulated. As behavioural data scientists, we also look at how the ability to anticipate new risks and vulnerabilities can influence business models and business model innovation. Essentially, behavioural data science can be viewed as a gateway to empowering businesses to be able to apply a new human-centred vision to cybersecurity problems in order to detect risks that they have not encountered or have not anticipated before.
Furthermore, these risks and vulnerabilities do not only have to be detected but also effectively communicated. Behavioral data science also aims to demonstrate how effective communication can help build secure and safe human-cyber spaces in the new digital economy.
One of the key insights behavioural data science has to offer is the need to move away from the view, where organisations focus on building walls and barriers to protect their assets. Instead, organisations need to adopt a more proactive and dynamic approach to cybersecurity that focuses on identifying and addressing vulnerabilities before they can be exploited. This requires organisations to have a deep understanding of the threats they face and the behaviours (inclusive of human, algorithmic, and systems behavioura) that contribute to those threats.
Behavioural data science can help organisations to achieve this understanding by providing insights into the human, algorithmic, and systems factors that contribute to cyber risks. For example, behavioural data science can provide insights into employees' behaviour online and their attitudes towards cybersecurity to deliver customised training to different behavioural segments of employees. By continuously analysing behavioural as well as "traditional" data, organisations can more efficiently identify areas where investment and training needs should be prioritised.
Overall, it is important to adopt a holistic approach to cybersecurity that takes into account technical, human, and process (operational) factors. Behavioural data science can play a crucial role in this regard by providing insights into human, algorithmic, and systems behaviour and helping organisations to identify and address potential vulnerabilities. By adopting a proactive and dynamic approach to cybersecurity and building a culture of cybersecurity based on behavioural data science, businesses can better protect themselves against the growing number of cyber risks they face.
Use Cases
This project aims to address the socio-technical cybersecurity risks of operationalising machine learning models. It will generate new knowledge in the areas of computer security and human-computer interaction by using a transdisicplinary research approach that brings together social and behavioural science, computer science, and data science. The outputs from the research will be models of the behavioural risks to machine learning operations; a tool for facilitating experiments to manage the risks of human-machine teaming and novel algorithms that can be used to both defend and attack machine learning operations. The benefits arising from the research with be increased trust in the operationalisation of machine learning models.
This project developed and delivered behavioural data science segmentation algorithm based on a Cyber Domain Specific Risk Taking (CyberDoSpeRT) scale. The method was used in many organisations in UK, US, and Australia, helping organisations in financial services, consulting, retail, and telecommunications achieve better (more secure) outcomes. The project received an award from the British Academy of Management in Organisational Psychology.
Selected References
Pogrebna, G., & Skilton, M. (2019). Navigating new cyber risks: How businesses can plan, build and manage safe spaces in the digital age. Springer.
Towers-Clark, Ch. (2018) Relaxed, Anxious, Ignorant: Our Attitudes Towards CyberSecurity Are Making The Problem Worse, Forbes
Kharlamov, A., Jaiswal, A., Parry, G., & Pogrebna, G. (2018). A cyber domain–specific risk attitudes scale to address security issues in the digital space. mimeo. https://doi. org/10.13140/RG. 2.2. 31408.05122/2.