Human Error vs. System Security: Evaluating the Weakest Link in Digital Business Information Systems
DOI:
https://doi.org/10.51903/jmi.v4i3.305Keywords:
Human Error, Digital Business Security, Information Systems, Socio-Technical Approach, Cybersecurity RiskAbstract
The perennial question in digital business cybersecurity concerns whether human error or technical system vulnerabilities constitute the greater threat to organizational information systems and thus should receive priority in security investment. This study empirically examines this issue by identifying the weakest link in contemporary digital business environments. The study offers a theoretical contribution by integrating Human Error Theory, Socio-Technical Systems Theory, and the ISO 27001 framework into a unified analytical model for evaluating organizational information security weaknesses. Using an explanatory sequential mixed-methods design, quantitative data were collected from 217 information technology professionals, complemented by 15 in-depth interviews and an analysis of security incident records. The results indicate that human error (M = 3.82) is significantly more prevalent than technical system vulnerabilities (M = 2.94), as confirmed by a paired t-test (t(216) = 5.734, p < .001). Structural Equation Modeling further reveals that workload pressure and insufficient practice-based training significantly contribute to human error (β = 0.58, p < .001). Qualitative findings highlight cognitive overload, training gaps, and social engineering as dominant contributing factors. The study demonstrates that human error should not be interpreted merely as individual negligence but as an outcome of more profound organizational and socio-technical weaknesses. These findings support a strategic shift toward human-centered and socio-technical cybersecurity approaches to enhance organizational digital resilience.
References
Al-Hattami, H. M. (2024). The influence of accounting information system on management control effectiveness: The perspective of SMEs in Yemen. Information Development, 40(1), 75–93. https://doi.org/10.1177/02666669221087184
Ammirato, S., Felicetti, A. M., Linzalone, R., & Carlucci, D. (2022). Digital business models in cultural tourism. International Journal of Entrepreneurial Behaviour and Research, 28(8), 1940–1961. https://doi.org/10.1108/IJEBR-01-2021-0070
Amoresano, K., & Yankson, B. (2023). Human Error - A Critical Contributing Factor to the Rise in Data Breaches: A Case Study of Higher Education. HOLISTICA – Journal of Business and Public Administration, 14(1), 110–132. https://doi.org/10.2478/hjbpa-2023-0007
Ashour, A., Phipps, D. L., & Ashcroft, M. (2022). Predicting dispensing errors in community pharmacies: An application of the Systematic Human Error Reduction and Prediction Approach (SHERPA). PLoS ONE, 17(1 January). https://doi.org/10.1371/journal.pone.0261672
Baroni, L. A., Puska, A. A., De Castro Salgado, L. C., & Pereira, R. (2021, October 18). Dark Patterns: Towards a Socio-technical Approach. ACM International Conference Proceeding Series. https://doi.org/10.1145/3472301.3484336
Cameron, L. D., & Rahman, H. (2022). Expanding the Locus of Resistance: Understanding the Co-constitution of Control and Resistance in the Gig Economy. Organization Science, 33(1), 38–58. https://doi.org/10.1287/ORSC.2021.1557
Cao, X., Ali, A., Pitafi, A. H., Khan, A. N., & Waqas, M. (2021). A socio-technical system approach to knowledge creation and team performance: evidence from China. Information Technology and People, 34(7), 1976–1996. https://doi.org/10.1108/ITP-10-2019-0536
Ekstedt, M., Afzal, Z., Mukherjee, P., Hacks, S., & Lagerström, R. (2023). Yet another cybersecurity risk assessment framework. International Journal of Information Security, 22(6), 1713–1729. https://doi.org/10.1007/s10207-023-00713-y
Fakiha, B. (2021). Business organization security strategies to cyber security threats. International Journal of Safety and Security Engineering, 11(1), 101–104. https://doi.org/10.18280/ijsse.110111
Florackis, C., Louca, C., Michaely, R., & Weber, M. (2020). Nber Working Paper Series Cybersecurity Risk. http://www.nber.org/papers/w28196
Gibbs, M., Mengel, F., & Siemroth, C. (2023). Work from Home and Productivity: Evidence from Personnel and Analytics Data on Information Technology Professionals. Journal of Political Economy Microeconomics, 1(1), 7–41. https://doi.org/10.1086/721803
Hamid, K., Iqbal, M. W., Abdul, H., Muhammad, B., Fuzail, M. Z., Waseem Iqbal, M., Fuzail, Z., Tabassum Ghafoor † † † † †, Z., & Ahmad, S. (2022). Usability Evaluation of Mobile Banking Applications in Digital Business as Emerging Economy. IJCSNS International Journal of Computer Science and Network Security, 22(2), 250. https://doi.org/10.22937/IJCSNS.2022.22.2.32
Handoko, M., Yulianto, A. R., Jatinurcahyo, R., Subariyanti, H., Nikmah, W., Adawia, P. R., Yulianto, & Armaniah, H. (2025). Implementation of MIS (Management InformationSystem) to Improve Efficiency and Security of Interbank transactions Using BCA Mobile (Case Study at Bank BCA Tbk). Journal of Management and Informatics, 4(2), 791–806. https://doi.org/10.51903/jmi.v4i2.201
Havryliuk, O., Yakushev, O., Petchenko, M., Zachosova, N., Bielialov, T., & Kozlovska, S. (2023). Cyber Security And Artificial Intelligence In The Context Of Ensuring Business Security In Wartime. Financial and Credit Activity: Problems of Theory and Practice, 6(53), 451–459. https://doi.org/10.55643/fcaptp.6.53.2023.4130
Herrmann, T., Jahnke, I., & Nolte, A. (2022). A problem-based approach to the advancement of heuristics for socio-technical evaluation. Behaviour and Information Technology, 41(14), 3087–3109. https://doi.org/10.1080/0144929X.2021.1972157
Judijanto, L., Hindarto, D., Wahjono, S. I., & Djunarto. (2023). Edge of Enterprise Architecture in Addressing Cyber Security Threats and Business Risks. International Journal Software Engineering and Computer Science (IJSECS), 3(3), 386–396. https://doi.org/10.35870/ijsecs.v3i3.1816
Kirkegaard, J. K., Rudolph, D. P., Nyborg, S., Solman, H., Gill, E., Cronin, T., & Hallisey, M. (2023). Tackling grand challenges in wind energy through a socio-technical perspective. In Nature Energy (Vol. 8, Issue 7, pp. 655–664). Nature Research. https://doi.org/10.1038/s41560-023-01266-z
Masili, G., Binci, D., Cerruti, C., Appolloni, A., & Giraldi, L. (2024). Agility in virtual environments: the socio-technical approach of distributed agile teams. Management Research Review, 47(13), 69–86. https://doi.org/10.1108/MRR-03-2023-0219
Miklosik, A., Evans, N., & Qureshi, A. M. A. (2021). The Use of Chatbots in Digital Business Transformation: A Systematic Literature Review. In IEEE Access (Vol. 9, pp. 106530–106539). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ACCESS.2021.3100885
Read, G. J. M., Shorrock, S., Walker, G. H., & Salmon, P. M. (2021). State of science: evolving perspectives on ‘human error.’ In Ergonomics (Vol. 64, Issue 9, pp. 1091–1114). Taylor and Francis Ltd. https://doi.org/10.1080/00140139.2021.1953615
Repetto, M., Carrega, A., & Rapuzzi, R. (2021). An architecture to manage security operations for digital service chains. Future Generation Computer Systems, 115, 251–266. https://doi.org/10.1016/j.future.2020.08.044
Saeed, S., Altamimi, S. A., Alkayyal, N. A., Alshehri, E., & Alabbad, D. A. (2023). Digital Transformation and Cybersecurity Challenges for Businesses Resilience: Issues and Recommendations. In Sensors (Vol. 23, Issue 15). Multidisciplinary Digital Publishing Institute (MDPI). https://doi.org/10.3390/s23156666
Torres, Y., Nadeau, S., & Landau, K. (2021). Classification and quantification of human error in manufacturing: A case study in complex manual assembly. Applied Sciences (Switzerland), 11(2), 1–23. https://doi.org/10.3390/app11020749
Ulven, J. B., & Wangen, G. (2021). A systematic review of cybersecurity risks in higher education. In Future Internet (Vol. 13, Issue 2, pp. 1–40). MDPI AG. https://doi.org/10.3390/fi13020039
Yang, J., & Zhang, M. (2023). Beyond structural inequality: a socio-technical approach to the digital divide in the platform environment. Humanities and Social Sciences Communications, 10(1). https://doi.org/10.1057/s41599-023-02326-1
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Nguyen Thị Mai, Iman Khalid

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

