We can deconstruct Human Factors and claim that the first barrier we must overcome is of individuality. Errors and$/$ or violations are both examples of incorrect security activities.

Only a few have malicious intent $($eg$,$ acts of sabotage$),$ whereas the majority are the result of improper work element configurations, resulting in unintentional and non$-$deliberate violations, as well as deliberate non$-$malicious intent activities. Individual variability related to the likelihood of error$-$producing situations and violations can be analysed using a variety of psychological frameworks. We can look into consolidated models that use the mediating impact of behavioural intention to link behaviours and attitudes. Employee attitudes toward cybersecurity$-$critical behaviours can be used to explain human errors and violations.

Because cybersecurity may be improved, attitudes predict actual behavioural intentions of risky behaviours in a straightforward way. Because cybersecunty can be improved by pushing a specific set of individual factors that can shape attitudes, such as subjective norms; beliefs in the percerved consequences of an action; actual knowledge of the cybersecurity topic; the preferred cognitive strategies used in a decision$-$making process, etc., attitudes represent a crucial factor in avoiding secunty breaches related to deliberate actions determining an unwanted violation of a secunty rule. Employee attitudes calalso enable the influence of more social and organisational factors such as social norms, ethical dilemmas, and different levels of behavioural control percerved by the employee $1$e$.,$ the degree of freedom perceived to enact a given behaviour and the contextual barriers$/$ enablers in place, related to such a given behaviour$).$ When it comes to defining security breaches as violations, other psychological frameworks might be used, emphasising the significance of norms and ethical principles in developing employee attitudes. The levels of moral duty and the explicit awareness of the consequences of a given behaviour can both alter attitudes. Employees who are well$-$informed and trained reduce the number of unintentional and non$-$deliberate activities that result in a breach of cybersecurity laws, and they play an important role in reducing information security risks. Understanding the complexities of human errors and violations can assist in identifying the areas that have the most impact on overall system secunty$.$