As organizations face an evolving threat landscape, the need for robust cybersecurity frameworks that transcend purely technical solutions becomes more pressing. This review paper introduces a conceptual model titled “Cybersecurity Culture and Organizational Resilience: A Human-Centered Approach to Digital Risk Management”, grounded in the integrated framework of Protection Motivation Theory (PMT), Theory of Planned Behaviour (TPB), Resilience Theory, Socio-Technical Systems Theory, and Organizational Culture Theory. The study highlights the importance of cultivating a cybersecurity culture and implementing human-centered practices to enhance organizational resilience against cyber threats. It explores how human behaviour, awareness, and support systems interplay with technical measures to form a comprehensive defence posture. The proposed model includes four primary hypotheses connecting cybersecurity culture, human-centered practices, digital risk behaviour, and organizational support systems to organizational resilience. Through a synthesis of theoretical perspectives and contemporary cybersecurity practices, and qualitative approach (interviewing 15 experts), the paper emphasizes a shift toward inclusive, psychologically informed, and behaviourally driven strategies in risk mitigation. This human-centered orientation addresses critical gaps in traditional cyber defences and provides insights into designing resilient organizations that are adaptive, proactive, and secure by design.
References
[1]
Abrahams, T. O., Farayola, O. A., Kaggwa, S., Uwaoma, P. U., Hassan, A. O., & Dawodu, S. O. (2024). Cybersecurity Awareness and Education Programs: A Review of Employee Engagement and Accountability. Computer Science & IT Research Journal, 5, 100-119. https://doi.org/10.51594/csitrj.v5i1.708
[2]
Ahmed, M., Kambam, H. R., Liu, Y., Jaidka, S., & Petrova, K. (2024). Impact and Significance of Human Factors in Digital Information Security. International Journal of Information Science and Technology, 7, 1-17. https://www.innove.org/ijist/index.php/ijist/article/view/213
[3]
Ajzen, I. (2020). The Theory of Planned Behavior: Frequently Asked Questions. Human Behavior and Emerging Technologies, 2, 314-324. https://doi.org/10.1002/hbe2.195 https://onlinelibrary.wiley.com/doi/abs/10.1002/hbe2.195
[4]
Aksoy, C. (2024). Building a Cyber Security Culture for Resilient Organizations against Cyber Attacks. İşletme Ekonomi veYönetimAraştırmalarıDergisi, 7, 96-110. https://doi.org/10.33416/baybem.1374001
[5]
Al Amosh, H., & Khatib, S. F. A. (2024). Cybersecurity Transparency and Firm Success: Insights from the Australian Landscape. Australian Economic Papers. https://doi.org/10.1111/1467-8454.12385
[6]
Aniebonam, E. E., Chukwuba, K., Toromade, A. S., & Ekpobimi, H. (2025). Transformational Leadership and Cyber-Security Innovation: How Visionary Leaders Drive Technological Progress and Security. International Journal of Multidisciplinary Research and Growth Evaluation, 6, 1729-1742. https://doi.org/10.54660/.ijmrge.2025.6.1-1729-1742
[7]
Astarita, V., Guido, G., Haghshenas, S. S., & Haghshenas, S. S. (2024). Risk Reduction in Transportation Systems: The Role of Digital Twins According to a Bibliometric-Based Literature Review. Sustainability, 16, Article No. 3212. https://doi.org/10.3390/su16083212
[8]
Chaudhary, S. (2024). Driving Behaviour Change with Cybersecurity Awareness. Computers & Security, 142, Article ID: 103858. https://doi.org/10.1016/j.cose.2024.103858
[9]
Edwards, J., & Weaver, G. (2024). The Cybersecurity Guide to Governance, Risk, and Compliance. John Wiley & Sons. https://doi.org/10.1002/9781394250226
[10]
Evripides, G., Loizou, C. P., & Christodoulides, P. (2024). Using Structural Equation Modeling and Intima-Media Complex Texture Features to Assess Cardiovascular Disease Risk in the Common Carotid Artery. Results in Engineering, 24, Article ID: 103613. https://doi.org/10.1016/j.rineng.2024.103613
Feraru, I., & Bacali, L. (2024). Explore the Intersection of Self-Determination Theory and Cybersecurity Education—A Literature Review. International Journal of Advanced Statistics and IT&C for Economics and Life Sciences, 14, 55-77. https://doi.org/10.2478/ijasitels-2024-0017
[13]
Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000). A Meta-Analysis of Research on Protection Motivation Theory. Journal of Applied Social Psychology, 30, 407-429. https://doi.org/10.1111/j.1559-1816.2000.tb02323.x
[14]
Hadi, S., Setiawati, L., Kirana, K. C., Lada, S. B., & Rahmawati, C. H. T. (2024). The Effect of Digital Leadership and Organizational Support on Innovative Work Behavior: The Mediating Role of Emotional Intelligence. Calitatea, 25, 74-83.
[15]
Hakimi, M., Quchi, M. M., & Fazil, A. W. (2024). Human Factors in Cybersecurity: An In-Depth Analysis of User Centric Studies. JurnalIlmiahMultidisiplin Indonesia, 3, 20-33. https://doi.org/10.58471/esaprom.v3i01.3832
[16]
Haney, J., & Lutters, W. (2025). From Compliance to Impact: Tracing the Transformation of an Organisational Security Awareness Programme. Cyber Security: A Peer-Reviewed Journal, 8, 110-130. https://doi.org/10.69554/njya9034
[17]
Harvey, C. J. (2024). Cybersecurity Heroism. In Encyclopedia of Heroism Studies (pp. 374-376). Springer International Publishing. https://doi.org/10.1007/978-3-031-48129-1_69
[18]
Hossain, M. T., Hossen, M. Z., Badal, F. R., Islam, M. R., Hasan, M. M., Ali, M. F. et al. (2024). Next Generation Power Inverter for Grid Resilience: Technology Review. Heliyon, 10, e39596. https://doi.org/10.1016/j.heliyon.2024.e39596
[19]
Huang, B. (2024). Navigating Digital Divide: Exploring the Influence of Ideological and Political Education on Cyber Security and Digital Literacy Amid Information Warfare. Current Psychology, 43, 23815-23836. https://doi.org/10.1007/s12144-024-06106-1
[20]
Hwang, I., & Seo, R. (2025). Mitigating Security Stress: Exploring the Contingent Role of Collaborative Communication in Enhancing Information Security Compliance. Computers & Security, 151, Article ID: 104326. https://doi.org/10.1016/j.cose.2025.104326
[21]
Itani, D., Itani, R., Eltweri, A. A., Faccia, A., & Wanganoo, L. (2024). Enhancing Cybersecurity through Compliance and Auditing: A Strategic Approach to Resilience. In 2024 2nd International Conference on Cyber Resilience (ICCR) (pp. 1-10). IEEE. https://doi.org/10.1109/iccr61006.2024.10532959
[22]
Lagap, U., & Ghaffarian, S. (2024). Digital Post-Disaster Risk Management Twinning: A Review and Improved Conceptual Framework. International Journal of Disaster Risk Reduction, 110, Article ID: 104629. https://doi.org/10.1016/j.ijdrr.2024.104629
[23]
Lengnick-Hall, C. A., Beck, T. E., & Lengnick-Hall, M. L. (2011). Developing a Capacity for Organizational Resilience through Strategic Human Resource Management. Human Resource Management Review, 21, 243-255. https://doi.org/10.1016/j.hrmr.2010.07.001
[24]
Mishra, R. K., & Agarwal, R. (2024). Impact of Digital Evolution on Various Facets of Computer Science and Information Technology. In Digital Evolution: Advances in Computer Science and Information Technology (pp. 17-57). Bhumi Publishing.
[25]
Mohammed, A., Sundararajan, S., & Kumar, S. (2024). Enhancing Human-Centered Security in Industry 4.0: Navigating Challenges and Seizing Opportunities. In Artificial Intelligence Solutions for Cyber-Physical Systems (pp. 214-235). Auerbach Publications. https://doi.org/10.1201/9781032694375-12
[26]
Nguyen, T. T., Tran, T. N. H., Do, T. H. M., Dinh, T. K. L., Nguyen, T. U. N., & Dang, T. M. K. (2024). Digital Literacy, Online Security Behaviors and E-Payment Intention. Journal of Open Innovation: Technology, Market, and Complexity, 10, Article ID: 100292. https://doi.org/10.1016/j.joitmc.2024.100292
[27]
Rane, N., Choudhary, S. P., & Rane, J. (2024). Acceptance of Artificial Intelligence: Key Factors, Challenges, and Implementation Strategies. Journal of Applied Artificial Intelligence, 5, 50-70. https://doi.org/10.48185/jaai.v5i2.1017
[28]
Schein, E. H. (2010). Organizational Culture and Leadership (4th ed.). Jossey-Bass. https://search.worldcat.org/title/1336196580
[29]
Trist, E., Pasmore, W. A., & Sherwood, J. J. (1960). Socio-Technical Systems. Tavistock. https://www.lmmiller.com/wp-content/uploads/2013/06/The-Evolution-of-Socio-Technical-Systems-Trist.pdf
[30]
Varlik, S. (2024). Entrepreneurship and Innovation in Science Teachers: What Happens without Work-Life Balance and Organizational Support? Moderated Mediation Model. Pegem Journal of Education and Instruction, 14, 322-336. https://pegegog.net/index.php/pegegog/article/view/3471
[31]
Wani, T. A., Mendoza, A., & Gray, K. (2024). BYOD Security Practices in Australian Hospitals—A Qualitative Study. In A. Moallem (Ed.), HCI for Cybersecurity, Privacy and Trust (pp. 138-158). Springer. https://doi.org/10.1007/978-3-031-61379-1_10
[32]
Zanke, A., Weber, T., Dornheim, P., & Engel, M. (2024). Assessing Information Security Culture: A Mixed-Methods Approach to Navigating Challenges in International Corporate IT Departments. Computers & Security, 144, Article ID: 103938. https://doi.org/10.1016/j.cose.2024.103938
