Human Factor in Cybersecurity: Cyber Education as a Systemic Response to Growing Threats in the Digital Space of Ukraine and the EU
DOI:
https://doi.org/10.31861/mediaforum.2025.17.328-346Keywords:
cybersecurity, cybersecurity education, Ukraine, EU, human factor, digital resilience, EnCycLEd, CERT-UA, ENISAAbstract
This article addresses a critical vulnerability in contemporary cybersecurity defenses: the persistent dominance of human factors as the primary vector in successful cyberattacks across Ukraine, the European Union, and globally, despite substantial investments in technical security infrastructure. Empirical evidence from authoritative sources, including Verizon, the World Economic Forum, CERT-UA, and ENISA, consistently identifies that most cybersecurity breaches involve human elements encompassing insider errors and psychological manipulation, with phishing and social engineering accounting for the majority of intrusion entry points. Ukraine’s decade-long trajectory of escalating cyber threats – from the 2014 Crimea operations through the catastrophic 2017 NotPetya campaign to sustained high-tempo operations during Russia’s 2022–2025 full-scale invasion – demonstrates that adversaries systematically exploit human cognitive vulnerabilities rather than relying exclusively on technical sophistication. Similarly, the European Union faces a diverse threat landscape affecting critical infrastructure. This article argues that cybersecurity policy and practice exhibit a strategic misalignment: while technical defenses have matured substantially, educational frameworks addressing human behavioral vulnerabilities remain fragmented, episodic, and sometimes disconnected from real-world attack patterns. The article frames cybersecurity education not as a mere technical skill domain but as a fundamental dimension of digital citizenship and organizational resilience. It presents the EnCycLEd Erasmus+ project – a cross-border educational initiative that brings together partners from five European countries (Germany, Austria, Greece, Malta, and Ukraine) – as a concrete implementation model demonstrating how cybersecurity literacy can be mainstreamed into general school curricula through interactive, story-driven, age-segmented educational resources grounded in pedagogy and real-world threat patterns. The article employs multi-method research combining quantitative threat intelligence analysis, previous cyber incident narrative analysis, threat landscape characterization, and case study examination to establish that human-centered cybersecurity education constitutes a necessary complement to technical defenses and a strategic policy imperative for institutional and societal resilience in an interconnected digital environment.
Downloads
References
BBC. 2016. Hackers behind Ukraine power cuts, says US report. https://www.bbc.com/news/technology-35667989
Bötticher, Astrid. 2024. “Evaluating the need for cybersecurity teaching materials for schools”. Future Law Working Papers. https://www.uibk.ac.at/media/filer_public/b8/d6/b8d66b87-8128-4909-9847-ae8979eab394/flwp_2024_4_final.pdf
Burdiak, Pavlo. 2019. "The role of cyber space in the geopolitical confrontation between Ukraine and Russia". Chernivtsi, The materials of XIII International conference for students and young scientists "Foreign policy of Ukraine: current agenda", pp. 24-26. https://drive.google.com/file/d/1tvrWPWN4w4dSrJveZcZ71Io8TylbW_A9/view
Burdiak, Pavlo. 2024. "A Malicious Alliance: How Cyberattacks and Disinformation are Synchronously Destabilizing the Digital Space of Ukraine in the Face of Russian Aggression". CEDEM. https://cedem.org.ua/wp-content/uploads/2024/12/CEDEM_cyberdis_eng.pdf
CISA. 2021. "Cyber-Attack Against Ukrainian Critical Infrastructure". https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01
Cloudflare. n.d. What are Petya and NotPetya? Accessed December 1, 2025. https://www.cloudflare.com/learning/security/ransomware/petya-notpetya-ransomware/
ENISA. 2025. “Threat Landscape report 2025.” https://www.enisa.europa.eu/sites/default/files/2025-11/ENISA%20Threat%20Landscape%202025_0.pdf
Harris, Shane. 2014. "Hack Attack Russia’s first targets in Ukraine: its cell phones and Internet lines." Foreign Policy. https://foreignpolicy.com/2014/03/03/hack-attack/
HYPR, n.d. NotPetya. HYPR Encyclopedia. Accessed December 1, 2025. https://www.hypr.com/security-encyclopedia/notpetya
Polityuk, Pavel, and Jim Finkle. 2014. "Ukraine says communications hit, MPs phones blocked". Reuters. https://www.reuters.com/article/world/ukraine-says-communications-hit-mps-phones-blocked-idUSBREA231R2/
Przetacznik, Jakub, and Simona Tarpova. 2022. "Russia’s war on Ukraine: Timeline of cyber-attacks." European Parliament Briefing. https://www.europarl.europa.eu/RegData/etudes/BRIE/2022/733549/EPRS_BRI%282022%29733549_EN.pdf
State Service of Special Communications and Information Protection of Ukraine. 2024. "Russian Cyber Operations." https://cip.gov.ua/services/cm/api/attachment/download?id=68768
Verizon. 2024. “Data Breach Investigations Report”. https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf
World Economic Forum. 2022. “The Global Risks Report 2022”. https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf
Horun, O. 2025. “Kiberzahrozy Ukrayiny v umovakh ahresiyi RF”. Informatsiya i pravo. http://il.ippi.org.ua/article/view/340520 (In Ukrainian).
Derzhavna sluzhba spetsialʹnoho zv'yazku ta zakhystu informatsiyi Ukrayiny. 2025. Ohlyad kiberzahroz ta stratehiy zakhystu v 2025 rotsi: dosvid CERT-UA. https://cip.gov.ua/ua/faqs/cyber-threat-overview-and-defense-strategies-in-2025-cert-ua-s-experience (In Ukrainian).
Kozubtsova, Lesya, Lishchyna Valeriy, i Kozubtsov Ihor. 2025. “Vid obiznanosti do upravlinnya: Kontseptsiya lyudsʹkykh ryzykiv v systemi kiberzakhystu”. Kiberbezpeka: osvita, nauka, tekhnika. https://csecurity.kubg.edu.ua/index.php/journal/article/view/895/810 (In Ukrainian).
Published
Issue
Section
How to Cite
