Addressing the Human Factor in Cybersecurity through a Holistic Multi-Stakeholder Ontology with a Case Study on the Cyber Champion in the Workplace Initiative.

In today's rapidly evolving digital landscape, cybersecurity threats continue to escalate, with human factors often identified as the weakest link in the cyber defence chain. This research addresses this gap by designing, developing, and evaluating a multi-stakeholder approach for a holistic ontology to capture the human factors in cybersecurity and their interventions in a machine-readable format to support behavioural change in the workplace.

The study commenced with a comprehensive literature review, meticulously synthesising key concepts surrounding human factors, behaviours, interventions, and outcomes in cybersecurity. Subsequently, a comparative analysis of national cybersecurity strategies was conducted, revealing significant gaps in human-centred efforts across ten countries, including the UK.

A pivotal contribution of this research lies in the development of a robust cybersecurity ontology, capturing the interdependencies among stakeholders. This ontology successfully mapped 14 key stakeholder classes, 12 human factor categories, and 16 intervention types, providing a structured framework for understanding complex cybersecurity dynamics.

An extensive case study on the Cyber Champion in the Workplace Initiative demonstrated the practical application of the ontology. Empirical evaluation through surveys of 98 cyber champions revealed that 74% noted increased staff awareness of cybercrime threats, and 79% actively shared security updates. Quantitative analysis using structural equation modelling showed significant positive relationships between local implementation, knowledge gained (β=0.348, p<0.001), and employee awareness (β=0.771, p<0.001), validating the initiative's effectiveness.

Furthermore, this research resulted in in the co-design of "Cyberely," a digital platform leveraging behavioural change techniques. User surveys indicated over 90% of respondents found a cyber champion network useful, validating the platform's potential impact.

The study's findings contribute to advancing the behavioural cybersecurity domain across policy, programs, conceptual models, evaluations, and systems. The multi-stakeholder ontology offers a novel approach to systematically representing socio-cultural dynamics, bridging the gap between official strategies and end-user realities.

In summary, this research advocates for a holistic, multi-stakeholder approach to addressing human factors in cybersecurity. Through the development of an encompassing ontology, empirical case studies, and innovative digital platforms, this study underscores the importance of fostering collaboration across diverse stakeholders to fortif your collective defence against evolving cyber threats, focusing on the human factor.