This annotated bibliography highlights how human behavior, institutional policy, and social science theories intersect with cybersecurity. The sources explore phishing, cybercrime motivation, policy shortcomings, and digital behavior, showing that effective cybersecurity solutions must go beyond technology to include social and behavioral insight.

Nicholas Dorsey

28 June 2025

Social Science and Cybersecurity

Adu-Manu, K. S., Ahiable, R. K., Appati, J. K., & Mensah, E. E. (2022). Phishing Attacks in Social Engineering: A Review. Journal of Cyber Security, 4(4), 239–267. https://doi.org/10.32604/jcs.2023.041095

This article intends to provide an in-depth analysis of phishing attacks, one of the most iconic cybercrimes related to social engineering in general terms. The authors reveal forms of cybercrime and classification of social engineering techniques as an application. The most important part of the paper clearly talks about human characteristics, which lead to people being susceptible to these attacks, such as unawareness, emotional manipulation, and trust. Contrary to several studies that only name phishing types, this paper discusses social and psychological factors influencing victim behavior and suggests technical and non-technical solutions to fight phishing.

Meanwhile, the authors themselves are qualified researchers in cybersecurity, and the study has also been published as a peer-reviewed journal. Further, the article is stuffed with recent research and references, so it stands on a stable academic ground. The article is also well organized and well-articulated in an understandable language, with proper illustrative examples and statistics. On top of this, it’s also current in terms of information, including the insidious influence of the COVID-19 work-from-home shift, thus making the article extremely relevant to today’s cyberspace. 

In the end, this article comes in handy, especially for understanding how psychological and social vulnerabilities intersect with technology concerning cybersecurity. In other words, it builds an obvious bridge between human behavior and technical attacks and shows how social sciences and cybersecurity work hand in hand. This source, therefore, will be important in discussing the social engineering aspect of cybersecurity for the final paper, primarily when considering human-based weaknesses within digital security.

Onwuadiamu, G. (2025). Cybercrime in Criminology: A Systematic Review of criminological theories, methods, and concepts. Journal of Economic Criminology, 8, 100136. https://doi.org/10.1016/j.jeconc.2025.100136

This piece is a review of how people view the concept of cybercrime in the broad field of criminology. The author sheds light on specific theories under criminology, such as Routine Activity Theory, Strain Theory, and Social Learning Theory, all of which try to inform cybercriminal behavior. The article also highlights some criticisms against criminologists, including the complicated nature of applying these theories to a digital context, a lack of operationalization, definitions, and access to data. On top of this, the article then calls for new methods that should be developed to better reflect the nature of crime in cyberspace, citing how the field of criminology must evolve to remain relevant in cybersecurity studies.

Furthermore, the article also has great credibility as it is systematic and evidence-based. It follows PRISMA principles for systematic reviews and cites more than 100 studies from various academic sources. It is also a highly recognized and peer-reviewed journal within criminology. The author summarizes trends in the use of criminological theories in a systematic way, especially those that directly affect behavioral motivations and socioeconomic conditions.

On the other hand, this article contributes considerably to showing how social science views (especially criminology) and explains cybercrime. As a result, the article will help in supporting the final paper’s arguments, especially the theoretical background and the understanding of (and around) criminal activities associated with cyber crimes. This is particularly beneficial because, while technology may change, the sociological drives of crimes usually do not.

Arief, A. R. (2022). An Analysis of Cybersecurity Policies and Practices in Public Administration. 2(2), 56–62. https://doi.org/10.55885/jprsp.v2i2.211

Arief’s article examines cybersecurity policy development within a public administration context. The study is about implementing security measures, such as access control, staff training, and vulnerability evaluation by a governmental institution. Also, it’s all fine that technical systems are established; however, human behavior and organizational culture need to be put into the mix to secure digital environments properly. The results also show vulnerabilities due to a lack of awareness or careless execution of policies, even though the technical requirements and defenses are in place.

Further, the author works with actual organizational data and recommends integrating technical and social science strategies such as cultural change, improved communications, and role-based access control. Although the research is relatively short, it is well supported by credible references and is analytically valid. Finally, the article is a peer-reviewed and scholarly public policy journal, proving its academic integrity.

In the end, this study is helpful because it discusses cybersecurity from a policy perspective, a commonly considered space of interest with other disciplines such as sociology and political science. It contributes by giving insight into how governments and organizations approach security, not just with tools but also through people, processes, and decision-making. This article will help shape the final discussion on the institutional side of cybersecurity – the point at which social dynamics and administration meet.

Lee, C. S., & Chua, Y. T. (2023). The Role of Cybersecurity Knowledge and Awareness in Cybersecurity Intention and Behavior in the United States. Crime & Delinquency, 70(9). https://doi.org/10.1177/00111287231180093

In their study, Lee and Chua determine how education, socio-economic background, gender, and ICT exposure influence how people in the U.S. behave and make decisions regarding cybersecurity behavior. In the article, there is an assertion that people with good digital knowledge and general awareness are less involved in risky online behaviors. Factors including income, level of education, and gender also contribute to the possibility of individuals ‘ perception and response to potential cyber threats. The study was founded on a survey of hundreds of respondents, and statistics were used to check the tendencies of behavior and awareness.

In terms of its credibility, the article appears in the journal Crime & Delinquency, which is considered the most popular and acknowledged platform in academia, criminology, and behavioral science.  On top of this, this work has an excellent research design, an evident approach, and a valid conclusion that considers extensive, empirical data that was examined on national samples. Meanwhile, having made this classification, it is critical to mention that although the author’s language is simple and devoid of technicalities, it does retain a scholarly feel.

Finally, the paper fits the discussion well as it focuses on the link between cybersecurity and human behavior in social science methods with the aid of surveys, demographics, and behavioral indicators. Also, it provides practical evidence of how social structures, like education systems and income levels, impact digital safety. As a result, this will significantly support arguments in the final paper, especially on the importance of human-focused education in preventing cybercrime.

Conclusion

All four scholarly sources demonstrate the critical relationships between social sciences and cybersecurity. They touch on various parts such as human psychology, criminological theory, public policy, and behavior predictors. These articles confirm that technology alone cannot solve cybersecurity problems; social awareness, institutional structures, and human interactions also play equally significant roles. These materials will provide a balanced ground for examining cybersecurity from a social scientific perspective.

References

Adu-Manu, K. S., Ahiable, R. K., Appati, J. K., & Mensah, E. E. (2022). Phishing Attacks in Social Engineering: A Review. Journal of Cyber Security, 4(4), 239–267. https://doi.org/10.32604/jcs.2023.041095

Arief, A. R. (2022). An Analysis of Cybersecurity Policies and Practices in Public Administration. 2(2), 56–62. https://doi.org/10.55885/jprsp.v2i2.211

Lee, C. S., & Chua, Y. T. (2023). The Role of Cybersecurity Knowledge and Awareness in Cybersecurity Intention and Behavior in the United States. Crime & Delinquency, 70(9). https://doi.org/10.1177/00111287231180093

Onwuadiamu, G. (2025). Cybercrime in Criminology: A Systematic Review of criminological theories, methods, and concepts. Journal of Economic Criminology, 8, 100136. https://doi.org/10.1016/j.jeconc.2025.100136