Interactive visualisation and analysis of risks with a human factor
Viktoriia Trofymchuk

The human factor remains one of the key vulnerabilities in modern cybersecurity, which emphasises the importance of analysing user behaviour in risk management systems. This study presents a comprehensive mathematical model for personalised risk assessment of digital user behaviour, followed by interactive visualisation to support operational decision-making. The aim of the research was to create a model that allows for accurate analysis of individual and situational vulnerability factors, prediction of risky behaviour, and adaptation of protective measures in real time. To implement the model, a combination of Bayesian analysis, Markov decision processes, regression methods, and modern data visualisation tools was used. Being simulation-based, the model was tested on 500 artificially generated user profiles reflecting different levels of digital literacy and behavioural responses to phishing scenarios. The results showed that individualised training significantly reduces the risk of phishing attacks – in some cases by 40%. The model achieved a prediction accuracy of 85%, demonstrating high efficiency even when behavioural exceptions were taken into account. It was found that stress, time constraints, and difficult conditions increase the probability of errors by 25%. At the same time, regular interaction with simulated threats makes it possible to build stable skills – the so-called “risk memory” – which reduces the number of errors over time. The model integrated both behavioural parameters – level of knowledge, stress tolerance, user experience – and external factors, including threat complexity and workload intensity. This allows for dynamic adjustment of security strategies. The use of Markov modelling made it possible to optimise training processes, reducing losses by 65%. Interactive dashboards provided individualised vulnerability monitoring and rapid response to potential threats.
The practical value of the proposed approach lies in the possibility of its integration into corporate security systems and use in educational and telemedia programmes to improve cybersecurity