The human ability to recognise and report incidents remains central to cybersecurity. Yet many organisations still struggle to encourage meaningful reporting from employees. What can cybersecurity learn from decades of safety science in aviation, healthcare, and other high-risk sectors?
This session begins with an expert input from Nico Ebert, drawing on insights from his paper Learning from Safety Science: Designing Incident Reporting Systems in Cybersecurity (link to read the paper).
The talk will explore how psychological safety, fair and non-punitive responses to mistakes, simple reporting mechanisms, clear guidance, and strong feedback loops have transformed reporting cultures in safety-critical environments, and how the same principles can strengthen cybersecurity resilience.
Following the presentation, participants will engage in a hands-on workshop, applying together these proven ideas to design practical, user-centred reporting systems that make reporting easy, supported, and part of everyday practice.
This workshop is aimed at cybersecurity professionals in the NREN and broader R&E community such as awareness and training experts, security managers, SOC/incident response leads, risk and compliance officers and anyone designing or improving reporting channels and response processes.
Join us and work with peers to translate proven principles into practical solutions for your organisation.
About Nico Ebert
Nico Ebert is a Professor of Information Systems and Head of the Cybersecurity & People Group at the Zurich University of Applied Sciences in Human Factors in Security and Privacy. He has a Ph.D. in Information Systems from the University of St. Gallen and several years of practical experience in the IT industry in consulting companies and large corporations. His research interests include organisational and behavioural aspects of security and privacy, security and privacy by design, and human-computer interaction.
