Loiseau, Hugo, Daniel Ventre, and Hartmut Aden (eds.). Cybersecurity in Humanities and Social Sciences: A Research Methods Approach. London: ISTE/Wiley, 2020.

Introduction

The growing centrality of cybersecurity in global political, economic, and social systems has generated a significant body of research across disciplines. While technical and engineering perspectives have long dominated the field, the humanities and social sciences (HSS) increasingly contribute essential analytical frameworks for understanding cybersecurity as a socio-political, legal, and cultural phenomenon. Cybersecurity in Humanities and Social Sciences: A Research Methods Approach, edited by Hugo Loiseau, Daniel Ventre, and Hartmut Aden, responds directly to this interdisciplinary need. As the first volume in the Cybersecurity Set, the book provides a methodological foundation for researchers seeking to examine cybersecurity through non-technical lenses.

This edited volume aims to clarify how cybersecurity can be studied within HSS disciplines and to equip researchers—particularly graduate students and early-career scholars—with the conceptual and methodological tools necessary to conduct rigorous research in this evolving field. Rather than focusing on operational or purely technical concerns, the editors emphasize epistemological, theoretical, and methodological dimensions.

Overview and Structure

The book is organized around methodological inquiry. It addresses fundamental questions: How is cybersecurity defined within different disciplines? What research designs are most appropriate for studying cyber phenomena? How can scholars integrate qualitative and quantitative approaches in cybersecurity research?

The chapters are written by contributors from diverse academic backgrounds, including political science, sociology, law, international relations, and security studies. This disciplinary diversity reinforces one of the volume’s central arguments: cybersecurity is not merely a technical issue but a complex socio-political construct shaped by institutional practices, legal frameworks, strategic cultures, and societal perceptions.

The structure of the book progresses logically. Early chapters establish theoretical and definitional foundations, examining how cybersecurity has been conceptualized in academic discourse. Subsequent chapters focus on methodological approaches, such as document analysis, case studies, comparative methods, and policy analysis. Some chapters also explore empirical research designs for studying cyber-espionage, cyber-risk governance, and public policy responses.

Key Themes

1. Cybersecurity as a Social and Political Construct

One of the book’s most important contributions is its insistence that cybersecurity must be understood as a socially constructed domain. Rather than treating cyber threats as objective technical facts, the contributors highlight how threat narratives, institutional interests, and political agendas shape cybersecurity policies. This approach aligns with constructivist and critical security studies traditions, which emphasize discourse, securitization processes, and power relations.

By situating cybersecurity within broader security studies debates, the volume challenges technocentric assumptions and opens space for critical inquiry into how cybersecurity policies are legitimized and institutionalized.

2. Interdisciplinarity and Methodological Pluralism

A central strength of the volume lies in its methodological pluralism. The editors do not advocate for a single dominant approach; instead, they present multiple research strategies suitable for HSS scholars. These include qualitative case studies, discourse analysis, institutional analysis, comparative research, and mixed-method designs.

The book underscores the importance of aligning research questions with appropriate methodological tools. For example, analyzing national cybersecurity strategies may require document analysis and policy evaluation, while studying cyber norms in international relations may benefit from discourse analysis and qualitative interviews. This emphasis on methodological rigor enhances the book’s pedagogical value.

3. Bridging Theory and Practice

Another significant theme is the relationship between academic research and policy practice. Several chapters discuss how cybersecurity research can inform public policy and governance. The contributors examine regulatory frameworks, institutional arrangements, and risk management strategies, demonstrating that HSS research has practical relevance.

Importantly, the book does not present policy engagement as uncritical endorsement. Instead, it encourages reflective analysis of how institutions construct risk and implement cybersecurity measures. This critical stance strengthens the academic integrity of the volume.

Critical Evaluation

While the volume succeeds in establishing a strong methodological foundation, certain limitations deserve consideration.

First, as an edited collection, the coherence between chapters varies. Although the overarching theme of research methods provides unity, some chapters differ in depth and analytical clarity. A more explicit integrative conclusion synthesizing methodological insights across chapters would have strengthened the overall cohesion.

Second, the book primarily reflects European academic perspectives, particularly in its institutional and policy discussions. While this focus is understandable given the editors’ backgrounds, a broader inclusion of non-Western perspectives could have enriched the comparative dimension of cybersecurity research. Cybersecurity governance differs significantly across global contexts, and a more globalized methodological discussion would enhance the book’s applicability.

Third, while the book thoroughly addresses qualitative methodologies, quantitative approaches receive comparatively less detailed attention. Given the increasing availability of cyber incident datasets and digital trace data, a more extensive treatment of quantitative and computational methods might have expanded the methodological toolkit presented.

Despite these limitations, the volume’s contributions outweigh its shortcomings. Its clarity in defining research strategies and its commitment to interdisciplinary dialogue make it a valuable resource.

Contribution to Cybersecurity Studies

The significance of Cybersecurity in Humanities and Social Sciences lies in its positioning of HSS scholarship as indispensable to cybersecurity research. In a field often dominated by technical expertise, this volume asserts that legal frameworks, political institutions, social norms, and cultural narratives are equally central to understanding cyber threats and responses.

The book also contributes to the institutionalization of cybersecurity as an academic field within the humanities and social sciences. By providing structured methodological guidance, it supports the development of doctoral research, research programs, and interdisciplinary curricula.

Moreover, the volume reflects broader trends in security studies that emphasize the human dimension of security. Cybersecurity is shown not merely as a matter of protecting networks but as an issue intertwined with sovereignty, governance, civil liberties, and international order.

Strengths and Weaknesses

Strengths

One of the principal strengths of Cybersecurity in Humanities and Social Sciences: A Research Methods Approach is its clear methodological orientation. Unlike many cybersecurity publications that prioritize technical analysis, this volume systematically addresses how research in the humanities and social sciences should be designed and conducted. The explicit discussion of research strategies, data sources, and analytical frameworks makes the book particularly valuable for graduate students and early-career researchers.

A second notable strength lies in its interdisciplinary scope. By bringing together scholars from political science, sociology, law, and security studies, the volume reflects the complexity of cybersecurity as a field that transcends disciplinary boundaries. This interdisciplinary engagement enhances the analytical depth of the book and encourages readers to approach cybersecurity as a multidimensional phenomenon.

Furthermore, the book successfully bridges theory and practice. It does not confine itself to abstract conceptual debates but also considers institutional arrangements, public policy, and governance mechanisms. This balance increases its relevance for both academic and policy-oriented audiences.

Finally, the structured and pedagogical nature of the volume is commendable. The chapters are organized in a way that guides readers from foundational theoretical questions to applied methodological discussions, making it suitable for coursework and research training.

Weaknesses

Despite its strengths, the volume presents certain limitations. As an edited collection, the coherence between chapters is not entirely uniform. While all contributions relate to research methodology, some chapters vary in analytical depth and focus, which occasionally disrupts the thematic consistency of the book.

Additionally, the geographical scope is somewhat limited. Much of the discussion reflects European institutional and policy contexts. A broader inclusion of perspectives from other regions—such as Asia, Africa, or Latin America—would have strengthened the comparative dimension and expanded the global applicability of the methodological insights.

Another limitation concerns the relatively limited engagement with quantitative and computational research methods. Given the increasing importance of big data, cyber incident databases, and digital forensics in cybersecurity research, a more detailed exploration of quantitative methodologies would have enhanced the comprehensiveness of the methodological framework presented.

Conclusion

Cybersecurity in Humanities and Social Sciences: A Research Methods Approach is a timely and intellectually rigorous contribution to the field of cybersecurity studies. Edited by Hugo Loiseau, Daniel Ventre, and Hartmut Aden, the volume successfully bridges disciplinary boundaries and offers a comprehensive methodological framework for HSS researchers.

Although certain areas—such as global diversity and quantitative methodologies—could have been further developed, the book remains an essential reference for scholars seeking to analyze cybersecurity beyond technical parameters. Its emphasis on theoretical clarity, methodological rigor, and interdisciplinary engagement makes it particularly valuable for graduate students and early-career researchers.

Overall, the volume advances the argument that cybersecurity is not solely a technological challenge but a deeply social and political phenomenon requiring analytical tools from across the humanities and social sciences. As such, it occupies an important place in the evolving academic landscape of cybersecurity research.

You can learn more about: https://books.google.com/books?hl=en&lr=&id=5DsCEAAAQBAJ&oi=fnd&pg=PR9&dq=cyber+security+%26+social+sciences&ots=WJXo8vdSp-&sig=jpwW1EBOpDqQTpnas7v1P1Hjw1g#v=onepage&q&f=false

Integrating Social Science into Cybersecurity Education for Social Engineering Awareness

Conference: The 3rd International Conference on Education Innovation and Social Science (2024)
ISSN (Online): 2961-9602

Introduction

The increasing sophistication of cyber threats has revealed a persistent reality: technological defenses alone are insufficient to ensure cybersecurity. A significant proportion of contemporary cyberattacks exploit human vulnerabilities rather than technical flaws. The article presented at The 3rd International Conference on Education Innovation and Social Science (2024) addresses this critical issue by advocating for the integration of social science principles into cybersecurity education. The central argument of the paper is that disciplines such as psychology, sociology, and anthropology provide essential insights into human behavior and social dynamics, which are fundamental to understanding and mitigating social engineering attacks.

By employing a multidisciplinary framework, the article positions cybersecurity education as not merely a technical training exercise but as a behavioral and cultural transformation process. This perspective reflects growing scholarly recognition that the “human element” is often the weakest link in cybersecurity (Verizon, 2023).

Summary of the Article

The article begins by emphasizing the importance of incorporating social science knowledge into cybersecurity awareness programs. Social engineering attacks frequently rely on psychological manipulation strategies, including authority, urgency, reciprocity, scarcity, and social proof (Cialdini, 2006). By understanding these principles, individuals can become more resilient to deceptive tactics such as phishing, business email compromise (BEC), and impersonation schemes.

The authors employ a secondary research methodology, synthesizing data from academic literature, case studies, industry surveys, and expert opinions. This methodological approach enables a broad examination of existing research and practical initiatives. For example, the paper references findings from ISACA surveys indicating that many organizations do not provide regular or effective social engineering training. Additionally, the Verizon (2023) Data Breach Investigations Report is cited to demonstrate that 85% of data breaches involve a human element, underscoring the urgency of educational reform.

The article also discusses the global financial impact of social engineering attacks. According to reports from the FBI’s Internet Crime Complaint Center (IC3), BEC scams have resulted in billions of dollars in losses globally. These statistics reinforce the argument that cybersecurity awareness must extend beyond technical defenses to address behavioral vulnerabilities.

A significant portion of the article focuses on the Indonesian context, noting that the country’s rapid digital transformation and high internet penetration increase exposure to cyber threats. Despite widespread internet use, cybersecurity awareness programs remain limited, heightening the risk of social engineering victimization.

To address these challenges, the article proposes innovative educational strategies. These include gamification, scenario-based learning, phishing simulation programs, behavioral analytics, machine learning–driven adaptive training systems, and collaboration with social science experts. Furthermore, the authors present a structured curriculum framework tailored to children, teenagers, and adults. This framework integrates psychological, sociological, and anthropological insights while adapting content to cognitive development stages and social contexts.

Critical Analysis

The article’s primary contribution lies in its interdisciplinary orientation. By framing cybersecurity education through the lens of social science, the authors challenge the traditional technocentric approach that dominates much of cybersecurity discourse. This perspective aligns with previous research highlighting the behavioral dimensions of information security (Anderson & Moore, 2009; Bada et al., 2019).

The use of secondary research methodology is appropriate given the study’s objective of synthesizing existing knowledge. By drawing from reputable sources such as Verizon (2023), Cialdini (2006), and other established scholarship on phishing and persuasion, the article grounds its arguments in well-documented empirical evidence. This strengthens the credibility and academic rigor of the discussion.

One particularly strong aspect of the article is its emphasis on innovative and engaging educational methods. Gamification and scenario-based training reflect contemporary pedagogical approaches that enhance learner engagement and knowledge retention (Mather & Young, 2019). Phishing simulation programs, as discussed in the article, offer practical opportunities for experiential learning and behavioral reinforcement. Such applied strategies demonstrate the authors’ commitment to bridging theory and practice.

The structured curriculum design for different age groups represents another valuable contribution. By recognizing developmental differences between children, teenagers, and adults, the article demonstrates pedagogical sensitivity and adaptability. The integration of anthropological and cultural insights further strengthens the framework, particularly in diverse or multinational contexts.

However, the article also presents certain limitations. As a secondary research study, it does not incorporate original empirical data or primary fieldwork. While the synthesis of existing research is comprehensive, the absence of primary research limits the study’s originality and empirical contribution. Future research could benefit from experimental studies, surveys, or longitudinal evaluations to assess the effectiveness of proposed educational interventions.

Additionally, some of the technological recommendations—such as machine learning–based personalized training systems—are discussed at a conceptual level without detailed feasibility analysis or cost considerations. A more critical evaluation of implementation challenges would enhance the practical applicability of these proposals.

Finally, although the Indonesian context is mentioned as a motivating example, the analysis remains somewhat general. A more detailed examination of national policies, institutional frameworks, or cultural factors specific to Indonesia would have strengthened the contextual dimension of the paper.

Strengths and Weaknesses

Strengths

The article’s greatest strength lies in its holistic and interdisciplinary approach. By integrating insights from psychology, sociology, and anthropology, it offers a comprehensive framework for addressing social engineering threats.

The inclusion of empirical data from reputable industry reports enhances the credibility of the argument.

The practical orientation of the recommendations—particularly gamification, phishing simulations, and adaptive learning—demonstrates strong pedagogical awareness.

The structured curriculum framework tailored to different age groups reflects thoughtful educational design and long-term strategic vision.

Weaknesses

The absence of primary empirical research limits the originality of the study.

Certain technological solutions are discussed without sufficient detail regarding implementation feasibility.

The contextual discussion of Indonesia could be expanded with deeper institutional and cultural analysis.

Conclusion

In conclusion, the article makes a timely and meaningful contribution to cybersecurity education by emphasizing the indispensable role of social science in combating social engineering attacks. By synthesizing academic research, industry reports, and pedagogical strategies, the authors successfully demonstrate that effective cybersecurity defense requires both technical competence and behavioral awareness.

The interdisciplinary framework, innovative educational strategies, and structured curriculum model provide valuable guidance for educators, policymakers, and organizations. Although the study would benefit from primary empirical validation and deeper contextual analysis, it effectively highlights the urgent need to address the human dimension of cybersecurity.

Ultimately, the article reinforces the argument that cybersecurity resilience depends not only on technological safeguards but also on cultivating informed, critically aware, and psychologically resilient individuals. By integrating social science principles into cybersecurity education, institutions can build a more secure and adaptable digital society.

You can learn more about: https://proceedings.ums.ac.id/iceiss/article/view/5086