The Emerging Ethical Dilemmas and Cognitive Security Concerns with Personalized Training in Cybersecurity

Authors

Torgersen L.N., Zehnder E., Ask T.F., Schulz S.M.

Reference

Lecture Notes in Computer Science, vol. 15815 LNCS, pp. 242-262, 2025

Description

Research has shown that more than 39% of security risks and 95% of successful cyber-attacks involve human factors [1]. The NIS2 directive mandates that all users receive cybersecurity training, which supports mitigation of unintentional organizational insider threats [2]. Despite the multitude of cyber training programs available, user cyber vulnerabilities and successful cyber breaches persist [3]. There is an emerging shift in research and literature supporting personalized training for users, including Digital Twins technology [4]. However, the wealth and depth of personalized data collected on individual users could have dual outcomes. One outcome supports user cyber awareness and cyber-resilient practices, while the other promotes mishandling and unauthorized access to individuals' private data, resulting in increased discrimination, more effective targeted socially engineered attacks, and stigma development. As users could be considered a vulnerable population, there is a need to establish an ethical code of conduct for protecting users' mental privacy, neural integrity and cognitive liberty [5–10]. Just as organizations have non-disclosure agreements with users to ensure data protection and the integrity of their network systems, there should also be an organizational ethical code of conduct to ensure users' autonomy and the protection of users' neurorights and integrity in personalized cybersecurity training [6].

Link

doi:10.1007/978-3-031-92840-6_14
