Cyber Security for Psychology Erasmus Project

Project Title

Cyber Security for Psychology

Project Key Action

This project related with these key action: Cooperation for innovation and the exchange of good practices

Project Action Type

This project related with this action type : Strategic Partnerships for higher education

Project Call Year

This project’s Call Year is 2020

Project Topics

This project is related with these Project Topics: Overcoming skills mismatches (basic/transversal); New innovative curricula/educational methods/development of training courses; Research and innovation

Project Summary

Digitalization affects every aspect of human lives. There are weekly, if not daily news on major data breaches of small, medium and large companies. Studies show that 3 out of 4 SMEs have experienced at least one major cyber attack in the last year.Traditionally, cybersecurity has been viewed as a technological challenge, for which soft-and hardware solutions were key. However, in recent years, the focus has moved from the technological to the human aspect of cybersecurity. E.g., the European Parliament (2018) recognized in its report on cyber defense “[…] that human error is one of the most frequently identified weaknesses in cybersecurity systems […]”. With human error and cyber attacks aimed at individuals occurring daily and causing billions Euros of losses yearly, there is a strong need to solve cybersecurity issues on this level.
Traditionally, computer scientists aimed to solve these weaknesses in the architecture of software.However, if a software asks for a strong password, leading to employees writing passwords on post-its sticked to their monitors, the improved software security is becoming obsolete. Instead of trying to solve security issues caused by humans with technological solutions, or reinventing the wheel, a better solution is to look at existing scientific knowledge and work with experts on human behaviour: psychologists. Knowledge from psychology can create more effective awareness campaigns, improve compliance with security policies through tried and tested behavioural change interventions, and help training people in detecting social cyber attacks.Psychological expertise could lead to improved individual cybersecurity, safer organisations, and a better functioning society.To achieve this, working with psychologists is key as they are trained to describe, understand and solve human behaviour issues. Implementing expertise of psychologists into the cybersecurity field, organizations can apply existing psychological theories and best practices to cybersecurity problems. Although all stakeholders -from SMEs,governments to large tech companies- have realized that there is a clear demand for psychological knowledge to be applied to organizations’ challenges to cybersecurity, organizations are currently rather employing computer scientists with at best “newcomer” knowledge of psychology, as psychology as a field has not yet embraced cybersecurity as a viable career path.
This scarcity of psychologists knowledgeable in cybersecurity is a result of a lack of research and training in this field.Although there are individuals working at the intersection of psychology and cybersecurity, there is a skills gap for current psychology graduates, as traditional bachelor or master psychology curricula do not include cybersecurity topics, nor are there bachelor/master thesis written on the topic to immerse students in the topic. As psychology lecturers typically utilize research results for their teaching, this lack of focus on cybersecurity might be the result of a lack of awareness for the topic.
As cyber threats affect every citizen’s life at work and outside,there is clearly a need for skilled psychology graduates who can help prevent cyber attacks, increase (inter-)national cyber resilience, and advance our understanding of psychological topics in cybersecurity. This creates a necessity to put cybersecurity on the landscape of psychologists’ career paths and establish it as an important and fruitful avenue for teaching and research (e.g., through empirical bachelor/master thesis written on the topic) and as an attractive career option for psychologists.
There are three target groups with the following needs:
Students: Need new adaptive knowledge and skills in order to be prepared for evolving career paths of cybersecurity psychology
Organizations: Need for evidence-based cybersecurity psychology knowledge and solutions
Lecturers/Researchers: Need for teaching and training material and overview over fruitful research avenues in cybersecurity psychology for students to work on in their bachelor/master thesis

Hence, the main objectives of the project are:
1. Establish cybersecurity as a career path for psychology graduates through awareness raising and training activities
2. Reduce skills gap in cybersecurity by creating ready-to-use teaching and training concepts as well as a research and training agenda
3. Develop a set of international state-of-the art modules, addressing educational and labour-market needs
4. As a long-term objective, a network of cybersecurity psychologists across Europe is initiated and keeps growing

This project will utilize approaches to create a comprehensive overview over the state of cybersecurity psychology, will generate teaching and training content targeted at attracting psychology students towards cybersecurity, conduct transnational summer schools to train first batches of cybersecurity psychology experts and share knowledge on (inter-)national platforms

EU Grant (Eur)

Funding of the project from EU: 349504 Eur

Project Coordinator

UNIVERSITAT DES SAARLANDES & Country: DE

Project Partners

• CISPA – HELMHOLTZ-ZENTRUM FUER INFORMATIONSSICHERHEIT GGMBH
• UNIVERSITEIT LEIDEN
• TALLINNA TEHNIKAULIKOOL