Human and Organizational Factors in Smart Grid Cybersecurity

None, None; None, None; None, None; None, None

Human and Organizational Factors in Smart Grid Cybersecurity

A Systematic Literature Review

Conference Paper (2026)

Author(s)

Ronak Tejas Shah (TU Delft - Technology, Policy and Management)

Michel van Eeten (TU Delft - Technology, Policy and Management)

Wolter Pieters (TU Delft - Technology, Policy and Management)

Simon Parkin (TU Delft - Technology, Policy and Management)

Research Group

Organisation & Governance

Cybersecurity Human factors Smart grids Systematic literature review Organizational factors

DOI related publication

https://doi.org/10.1007/978-3-032-19540-1_3 Final published version

To reference this document use

https://resolver.tudelft.nl/uuid:c129a0f5-09e0-4b82-9b71-334892757a43

More Info

expand_more

Publication Year

2026

Language

English

Research Group

Organisation & Governance

Pages (from-to)

39-57

Publisher

Springer

ISBN (print)

9783032195395

ISBN (electronic)

9783032195401

Event

International Conference on Critical Information Infrastructures Security<br/> (2025-10-21 - 2025-10-23), Jönköping, Sweden

Downloads counter

6

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

The increasing digitalization of power systems into “smart grids” has introduced complex cybersecurity challenges. Although technical solutions dominate research in this area, non-technical factors crucial to smart grid cybersecurity remain unknown. This paper presents a systematic review of 27 studies examining how human and organizational factors are addressed in the smart grid cybersecurity literature. Our analysis reveals three key limitations: (1) a disconnect between proposed solutions and real-world challenges; (2) an overemphasis on individual operator decision-making during cyber incidents, despite empirical evidence supporting collaborative approaches; and (3) the imprecise use of concepts like “cybersecurity awareness” and “security culture”, neglecting established human factors literature developed around these concepts. Future research should ground interventions in real-world operational complexities, ensuring alignment between empirical and methodological approaches.

Files

978-3-032-19540-1_3.pdf

(pdf | 1.07 Mb)

Taverne

File under embargo until 01-10-2026