Researchers and practitioners have acknowledged, human-related risks, among the most important factors in cybersecurity. An IBM report (2014) shows that over 95% of security incidents involved “human errors”. Responses to human-related cyber risks remain undermined by a conceptual problem: the mindset associated with the term ‘cyber’-crime. It has persuaded us that that crime with a cyber-dimension occurs purely within a (non-physical) ‘cyber’ space, and that these constitute wholly new forms of offending, divorced from the human/social components of traditional (physical) crime landscapes. In this context, the unprecedented linking of individuals and technologies into global social-physical networks has generated exponential complexity and unpredictability of vulnerabilities.

In addition to hyperconnectivity, the dynamic evolving nature of cyber systems is equally important. Cybersystems change far faster than biological or material cultures. Criminal behaviour and techniques evolve in relation to the changing nature of opportunities centring on target assets, tools and weapons, routine activities and business models. Studying networks and relationships between individuals, businesses and organisations in a hyperconnected environment requires an understanding of communities and the broader ecosystems. This complex, non-linear process can lead to co-evolution in the medium-longer term.

While there is isolated research across these areas, there is no holistic framework combining all these theoretical concepts to allow a more comprehensive understanding of human-related risks within cybersecurity ecosystems and to design more effective and engaging approaches to reduce such risks.

The project’s overall aim is to develop a framework through which we can analyse the behavioural co-evolution of cybersecurity and cybercrime ecosystems and effectively influence a range of factors in the ecosystems in order to reduce human-related risks. The new framework and solutions provided will contribute towards enhanced safety online for many different kinds of users, whether these are from government, industry, the research community or the general public.