Annoyed by Cybersecurity? Human-Centric Perspectives on Cybersecurity

Ravdeep Kour^1*Ramin Karim¹Annika Wägenbauer²

• ¹Luleå University of Technology, Luleå, Sweden
• ²Cybersecurity Redefined, Stuttgart, Baden-Württemberg, Germany

Humans play a vital role in designing, developing, implementing, and using technical systems. For this reason, it is crucial to keep humans in the loop at each phase of these systems to make them more secure and user-friendly. There needs to be a balance between using these systems securely and making them easy to use. Today, under pressure to secure our systems from cyberattacks, we primarily focus on making them secure but often overlook making them easy to use. Thus, the objective of this paper is to provide a human-centric perspective on cybersecurity and to introduce a human-centric framework that enables Industry 5.0, where humans have direct interaction with systems and solutions that are more customer-oriented. To carry out this research, the authors have applied the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines to investigate human-centric research over a 10-year period, from 2015 to 2025. The literature shows that most human-centric research contributions are well-balanced, with conceptual, experimental, and survey approaches each accounting for approximately 64% of the total, indicating a mature blend of theoretical and applied research. These studies are focused on developing structured, strategic approaches that integrate human factors into cybersecurity practices across sectors such as education, government, health, software, smart home networks, and others. To conduct this research, the authors have prepared an anonymous questionnaire with fundamental questions about secure system's design, which can be easily used. The evaluation results show that frequent password resets (33.3%) and frequent authentication (26.7%) are the most “annoying” cybersecurity measures. Additionally, most respondents consider biometric login the most user-friendly security feature, followed by single sign-on and automatic security patch updates. What is missing in existing literature and studies is a holistic perspective on human-centrism, beyond mere ease of use. We aim to cover that blind spot by introducing our independently developed framework in this paper.