Akademik Veri Yönetim Sistemi
Journal of Cyber Security Technology, cilt.10, sa.1, 2026 (Scopus)
Human behavior remains the most significant security vulnerability, accounting for a significant amount of cybersecurity incidents. Despite increasing research, inconsistencies in definitions, conflicting measurement tools and superficial theories persist in the field. This study aims to systematically review existing literature review studies in the field of behavioral cybersecurity; evaluate the consistency of the conceptual definitions, theoretical frameworks and measurement approaches used; identify methodological and theoretical limitations in the literature; and present evidence-based solutions to address these limitations. This tertiary systematic review synthesizes the findings of 72 secondary reviews on human factors in cybersecurity. Following a comprehensive database search and rigorous selection, the thematic synthesis revealed seven focus areas (general security behavior, measurement, theoretical foundations, awareness, governance, determinants and compliance). Three key limitations were identified: (1) overreliance on cross-sectional designs that limit causal inference; (2) conceptual ambiguity stemming from measures with weak psychometric validity; and (3) limited theoretical focus that constrains conceptual advancement. To address the limitations, a structured framework for behavioral cybersecurity research has been proposed, incorporating mixed-methods and validity measures grounded in item response theory. This framework aims to link behavioral concepts to concrete outcomes such as training effectiveness and organizational resilience.