Social engineering attacks, responsible for over 80% of successful cyber intrusions, exploit human psychology to bypass technical defenses. This research investigates the underlying behavioral mechanisms of social engineering and their implications for cybersecurity law and policy. Combining psychological experiments with statistical analyses of phishing and business email compromise (BEC) incidents, the study identifies key cognitive biases, such as trust manipulation and decision fatigue, that attackers leverage. Additionally, the research examines the role of legal frameworks in mitigating these attacks, focusing on liability allocation, regulatory enforcement, and victim protection. By integrating findings from behavioral science and legal studies, the paper proposes a comprehensive model for cybersecurity awareness, emphasizing targeted training, adaptive policy design, and public-private collaboration. This evidence-based approach aims to reduce the global impact of social engineering attacks while informing future legal and educational strategies.
Sahni et al. studied this question.