Beyond Technicalities
Assessing Cyber Risk by Incorporating Human Factors
ResearchPublished Jul 9, 2025
The growing reliance on technology makes managing cyber risks harder, especially as human factors play a key role. While firms often focus on technical controls, human behavior and organizational culture add complexity. In this report, the authors explore the human factors related to cyber incidents and propose using psychometrics, machine learning, and tailored interventions to better assess and reduce vulnerability to human-centric cyber threats.
Topics
Document Details
- Copyright: RAND Corporation
- Availability: Web-Only
- Year: 2025
- Pages: 53
- DOI: https://doi.org/10.7249/RRA3841-1
- Document Number: RR-A3841-1
Citation
RAND Style Manual
Huang, Wenjing, Sasha Romanosky, and Joe Uchill, Beyond Technicalities: Assessing Cyber Risk by Incorporating Human Factors, RAND Corporation, RR-A3841-1, 2025. As of May 5, 2026: https://www.rand.org/pubs/research_reports/RRA3841-1.html
Chicago Manual of Style
Huang, Wenjing, Sasha Romanosky, and Joe Uchill, Beyond Technicalities: Assessing Cyber Risk by Incorporating Human Factors. Santa Monica, CA: RAND Corporation, 2025. https://www.rand.org/pubs/research_reports/RRA3841-1.html.
Funding for this research was provided by the RAND Kenneth R. Feinberg Center for Catastrophic Risk Management and Compensation. This research was conducted within the Justice Policy Program within RAND Social and Economic Well-Being.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.