Psychology can protect your employees against cyber attacks

15 February, 2024

Despite significant investments in cutting-edge cyber security systems, many businesses inadvertently neglect their most vulnerable asset – their employees.

It's often not sophisticated hacking techniques that pose the most significant risk, but rather the everyday behaviours and thought patterns of individuals within the organisation.

Research consistently shows that humans can be easily manipulated into divulging confidential information by exploiting their cognitive biases and habits.

Let's delve into why psychology is pivotal in cyber attacks and explore actionable strategies to prevent human error within your organisation.

Understanding the human element in cyber risks

According to, £4,590 is the average spend on cyber security for businesses in the UK, and for larger organisations, the average annual spend is as much as £387,000.

However, the bulk of this expenditure typically goes towards technological solutions like anti-malware and firewalls, with only about 10% allocated for cyber education.

This approach overlooks a critical aspect: nearly 90% of successful cyber attacks stem from human error rather than technical deficiencies.

Cybercriminals often exploit human psychology, finding it easier to manipulate individuals than to breach robust technical defences.

Recognising the significance of this human factor is essential for striking a balance between technological investments and providing adequate employee training and awareness.

At Bob's Business, we emphasise addressing these vulnerabilities in our training programmes to bolster overall business resilience against cyber threats.

Our research and solutions

In 2019, psychologist Sathpal Panesar joined Bob's Business' Technical Team through a Knowledge Transfer Partnership (KTP) project.

Sathpal's efforts focused on developing the UK's first evidence-based, psychologically informed cyber security training programme.

This research delved deep into the psychological aspects of cyber security, particularly the human factors that contribute to risky behaviours such as clicking on phishing emails.

The findings were not confined to theory; they were practically applied in simulated phishing campaigns to identify employee vulnerabilities and tailor behavioural responses.

In 2021, this KTP project received a 'Very Good' grade, a testament to its success despite the challenges posed by the global pandemic.

The training derived from Sathpal's research enables employees to identify and mitigate risks associated with phishing, thereby protecting businesses from potentially costly cyber attacks.

Bob's Business now employs behavioural analytics to develop customised training packages that significantly reduce the risk of employees falling victim to phishing attacks.

Practical strategies for defence

Here are practical strategies to defend your business against cyber threats that exploit human psychology:

  • Understanding cognitive biases: Recognise and address cognitive biases among employees, such as misplaced trust in familiar emails or urgent requests.
  • Habit formation: Implement regular, repetitive training to cultivate security-conscious habits among your workforce.
  • Emotional awareness in decision-making: Provide training to help employees recognise and manage emotional responses to phishing attacks.
  • Scenario-based training: Engage employees with practical scenarios relevant to their daily tasks to enhance learning retention.
  • Continuous learning: Ensure training is regularly updated with the latest phishing techniques to keep employees informed.
  • Promoting open communication: Foster an environment where employees feel comfortable reporting potential threats and seeking advice.
  • Leadership involvement: Demonstrate leadership commitment to cybersecurity by actively participating in training and awareness programs.

How Bob's Business can help your organisation

Because we understand the human factor behind cyber vulnerabilities, our eLearning programmes are tailored to address your organisation's unique blind spots.

By integrating real-life scenarios and continuous updates, we equip your team with the skills and awareness needed to effectively defend against cyber threats, ensuring your organisation remains one step ahead.
