The Human Dimension Of Cyber Security
Author: Marcelina Horsefield
Cyber security is often framed as a technical problem, one solved with better tools. Yet specialist research from the National Institute of Standards and Technology consistently shows that most security failures originate not with malfunctioning technology, but with the interaction between people and the systems around them. Tech is only effective when people understand it, trust it, and use it as intended.
For high-value individuals, the human dimension of security matters even more. Their digital and personal environments can be complex, shaped by personal assistants, family office set-ups and household staff. They travel frequently, operate across multiple jurisdictions, manage numerous accounts and devices, and experience high volumes of communication under time pressure. This generates risks that cannot be addressed by tech alone.
Human Behaviour vs Security
Good security depends on understanding why a particular requirement matters and how it fits into your daily life. When instructions are obscure, overly technical, or unnecessarily demanding, people circumvent them even when the associated risks are significant.
Research into security fatigue demonstrates a similar pattern, that constant authentication prompts and password reset requests desensitise people. They begin making rapid, convenience driven decisions that inadvertently increase exposure. For those whose environments are fragmented, demanding, and perhaps mediated by several intermediaries, this fatigue can carry higher stakes.
Threat Landscape
The UK’s National Cyber Security Centre (NCSC) reports a sustained pattern of targeted attacks against high-risk individuals, aimed at gaining access to their personal accounts and devices, and therefore their private information. These attacks exploit not only technical weaknesses but also the behaviours, relationships, and daily routines of the people involved.
Britain's National Cyber Security Centre is warning that criminals and nation-state hacking groups, confronted with well-managed corporate cybersecurity defences, have turned their sights to individual personal devices and accounts.
Personal digital environments, unlike centrally managed corporate systems, are frequently targeted because attackers perceive them as “easy targets” with fewer security controls in place. These threats are not indiscriminate. They represent persistent efforts by hostile actors to identify and pursue individuals who hold influence or have proximity to sensitive information.
Common and Emerging Threats:
Social engineering and targeted impersonation
Attackers routinely use spear phishing and social engineering techniques to compromise accounts and devices belonging to high-risk individuals.
This includes communication designed to appear legitimate or expected, often tailored to the individual’s role and interests. The speed and precision of these attacks have been accelerated by the adoption of AI. Criminals now use AI‑generated content to mimic trusted contacts with far greater accuracy, making social‑engineering attempts harder to recognise and far more likely to succeed.
Exploiting personal account recovery and weak points
Personal accounts are likely targets, as access to a single email or messaging account can provide attackers with a gateway to sensitive information for further compromise. Weak recovery processes, older devices, and mixed personal professional usage increase vulnerability.
Attacker analysis of routines and behaviour
Attackers often conduct online reconnaissance, observing communication habits and public facing activities to identify the most effective moment or method to approach a target. In recent guidance, the NCSC described how nation state level actors have carried out detailed reconnaissance of high-profile individuals’ personal email accounts.
Compromise of people around the principal
High-risk individuals are targeted because of their access or influence, and attackers pursue the path of least resistance. This includes going after those in their personal ecosystem (people who communicate with them regularly or handle sensitive information, and especially children or other family members) because these individuals may have weaker security on their personal accounts and devices.
Exposure through travel, public activity, and professional events
Travel places individuals in environments where control over their devices and surroundings is reduced. A phone taken briefly during a border check or an unsolicited approach at a conference may appear benign, yet both provide the kind of proximity and plausible cover that skilled attackers rely on. Public‑facing activity introduces similar vulnerabilities, as heightened visibility and 'informal’ encounters can mask deliberate attempts to gather information.
Physical–digital crossover risks
A situation that weakens physical control of devices increases the probability of compromise. Older phones are especially at risk because they may no longer receive security updates, making it easier for an attacker to exploit known vulnerabilities. Leaving a device unattended during a meeting or setting it down in a busy space creates opportunities for someone to access it unnoticed. Brief unsupervised contact could be enough for an attacker to extract information or install tools that remain useful to the attacker after the moment has passed.
Attackers increasingly pursue whichever aspect of the individual’s life is least protected, making a personalised, contextual, and behaviour aware security model essential.
A Usable Security Framework
Effective protection for high-value individuals depends on controls that address how attackers actually target people: through their personal accounts, devices, communications and the people around them. An overloaded or overly complicated technical setup is rarely followed in practice, so measures must be simple, sustainable, and easy to integrate into daily life.
Security also has to extend beyond the principal. Anyone who manages communication, schedules, or financial actions - family members, personal staff, advisers - needs clear expectations and the confidence to raise concerns quickly.
A tailored, human-centred security model should include:
1. Phishing resistant authentication
Use hardware backed credentials or platform passkeys. They are resistant to interception and minimise opportunities for attackers to compromise accounts through phishing or impersonation, as the authentication process cannot be captured.
2. Modern password practices
Use long, unique passwords stored in a reputable password manager. Avoid frequent forced changes, which encourage poor habits. The focus is on making the “right” behaviour easy.
3. Structured verification for sensitive or financial actions
Establish trusted communication routes in advance (for example, known phone numbers or agreed confirmation steps). Instructions received within a message, especially if urgent, should never be taken at face value.
4. Resilient account recovery settings
Reduce reliance on mobile numbers for resets, remove security questions, and ensure recovery emails and secondary devices are properly protected. These are common weak points attackers attempt to exploit.
5. Secure management of mobile numbers
Apply carrier level protections against unauthorised SIM changes. Ideally, avoid using a phone number as a primary authentication or recovery method for critical accounts. Where possible, ensure the number associated with core services is not widely shared, and consider maintaining a separate, less exposed number that is not used for public‑facing interactions or online registrations.
6. Travel appropriate device hygiene
Carry only what is necessary. Use updated devices, avoid insecure WiFi, and check for unexpected changes or prompts on return. Consider using a travel‑specific device with access to minimal data, as it reduces exposure by limiting what could be accessed or copied if the device is compromised.
7. Targeted guidance for family and staff
Provide short, role specific instructions using real world scenarios: what they should never approve, what unusual requests look like, and when to escalate. This works best when expectations are simple enough to recall under pressure, and when examples reflect situations they actually encounter in their day‑to‑day responsibilities.
8. Physical and environmental safeguards
Make sure devices are locked when unattended, limit unsupervised access by visitors or service providers, and apply privacy measures in homes, vehicles, and offices. Physical access remains one of the simplest ways to compromise personal devices.
The Concierge Approach
Because behaviour underpins security outcomes, individuals benefit from support that is personal, continuous, and communicated in straightforward, human language. coc00n’s enrolment process establishes a secure baseline by preparing devices and clarifying the behavioural risks most relevant to the client’s circumstances. The aim is not only to put sensible controls in place, but to build understanding on how attackers typically operate, what indicators to pay attention to, and how to respond when something feels unusual.
After enrolment with coc00n, the Cyber Concierge provides ongoing, on‑demand guidance. Clients can seek immediate assistance with suspicious communications, unexpected device activity, unfamiliar requests, or questions that arise when travelling. This approach mirrors the realities described earlier. Timely, contextual reassurance helps individuals act securely without adding friction to their day.
Security That Works With Real Life
For high-risk or high-value individuals, effective cyber security is not necessarily a matter of adding more technical complexity. It requires attention to how people think, communicate, travel, and organise their personal and professional relationships.
A model that pairs well-chosen technical controls with ongoing behavioural support provides a practical and resilient approach to protecting individuals whose personal and digital lives are both complex and highly targeted.
About the author
Marcelina Horsefield is a Cyber Security Advisor at coc00n, where she helps public figures navigate digital security with confidence. With over a decade of experience in legal operations, Marcelina focuses on a thoughtful, grounded approach to risk, translating today’s complex digital landscape into a clear, manageable path.
About coc00n
coc00n provides personal cyber security for high value individuals at a level previously only available to those under government protection. Contact us to find out more.