A New Discipline at the Crossroads of Psychology and Digital Risk
At Risk-!n 2026, Philippe Séjalon had the opportunity to speak with Sarah Pauli, a cyber psychologist and one of the first professionals in this emerging field. Rooted in economic psychology, her work focuses on human behavior, emotions, and dynamics in the digital world, with a particular emphasis on cybercrime and the risks that people unknowingly create for themselves and their organizations.
The Human Factor: The Most Underestimated Threat
Sarah Pauli points to a striking statistic: back in 2014, Deloitte already reported that 80% of all zero-day attacks against companies originated from the human factor. This includes employees casually discussing company matters in their personal lives, oversharing on social media, or simply carrying a compromised personal device into the workplace. According to Pauli, your private mobile phone may be the single greatest security risk you bring through the office door each day.
Beyond Phishing: The Hidden Dynamics in Organizations
While most people are familiar with security awareness training and phishing simulations, Pauli focuses on something deeper. She is particularly interested in the effects that are harder to detect and slower to surface within organizations. Rather than addressing the obvious threats, her approach uncovers the subtle psychological patterns and social behaviors that quietly expose companies to significant vulnerabilities. Her work sits firmly outside clinical or forensic psychology, staying grounded in organizational and economic behavior.
Two Simple but Powerful Rules to Stay Safe
When asked for practical advice, Pauli kept it clear and direct: practice digital detox, and think before you share. In a world where oversharing has become second nature, these two principles serve as a powerful reminder that human awareness remains the first and most essential line of defense in cybersecurity.
