Cybercriminals rarely have specific targets in mind and often look for targets of opportunity with social engineering based attacks. Many successful attacks can be attributed to human error. Partially due to the difficulty in measurement, there are few analyses of the risk humans pose to cybersecurity.
Fuzzy models are often used in cases with variables that are hard to quantify and that have a high uncertainty. In this case, the model took the inputs of Intention, Tendency, Financial State, Organization state, and Digital competence. The output was the employee’s risk level. The model’s effectiveness is tested with the case of a classified information leak. The model was validated by interviews with professionals, but further validation should be carried out.
