Behavioral influences on cybersecurity decisions in phishing scenarios: a systematic review
Santhosh Kareepadath Rajan, Japjot Singh, Aswin Rajeev, Richa Abraham, Jasmine Joseph, Sreeja Cherillath SukumaranPurpose
Phishing attacks are prevalent cyber threats that exploit human vulnerabilities to deceive individuals into disclosing sensitive information. This systematic review aims to identify the behavioral determinants – the various factors that influence a person’s behavior, actions and choices, influencing cybersecurity decisions in phishing contexts.
Design/methodology/approach
A systematic search using the preferred reporting items for systematic reviews and meta-analyses framework of three databases – ACM Digital Library, IEE Xplore and Scopus – identified 48 studies published between 2010 and 2025.
Findings
Thematic analysis revealed a complex interplay between internal and external factors influencing phishing susceptibility. Internal factors, broadly classified as cognitive processes, emotional responses and knowledge, shape individual decision-making. Phishing process-driven behavioral responses, influenced by contextual factors and interaction with the phishing attempt, contribute to vulnerability.
Originality/value
This comprehensive understanding could inform the development of multifaceted interventions that address both individual and situational factors to enhance cybersecurity awareness and resilience. The study concludes with a discussion of future research directions.