Organizational Human Factors and Technology Controls Against Phishing: A Qualitative Literature Synthesis and Classification Framework

EasyChair Preprint 16011

Abstract

Phishing attacks represent one of the most pervasive cybersecurity threats facing organizations globally, with over 88% of enterprises reporting spear-phishing incidents and 88% of data breaches originating from employee mistakes. Despite substantial investments in security infrastructure, organizations remain vulnerable to social engineering methods that exploit human, organizational, and technological vulnerabilities. This research conducts a qualitative literature synthesis of 32 academic articles to identify and classify the most prevalent anti-phishing measures in two critical domains: Organizational Human Factors Controls and Technology Controls. Through systematic literature selection, categorization frameworks, and occurrence-based analysis, this study establishes a comprehensive classification system defining twelve organizational measure classes and eight technology control classes. Results reveal that Security Awareness Training Programs (100% occurrence), Incident Response Procedures (90%), and Phishing Simulation Programs (80%) constitute the core organizational defense framework, while Content-Based Detection Systems (50%) and URL-Based Detection Systems (40%) dominate technology controls. The study provides evidence-based implementation guidance for each high-frequency measure, including structured training methodologies, incident response team establishment, and hybrid detection architectures combining deep learning with traditional approaches. These findings offer enterprises, particularly emerging organizations, a data-driven prioritization framework for establishing comprehensive anti-phishing defenses that address both human vulnerabilities and technological gaps in contemporary threat landscapes.

Keyphrases: Anti-phishing measures, Cybersecurity Training, Enterprise Security, Incident Response, Machine learning phishing detection, Organizational human factors, Phishing Detection, Phishing Prevention, Security Awareness Training, Technology controls

@booklet{EasyChair:16011,
  author    = {Trinh Khanh and Le Phuong and Pham Thong},
  title     = {Organizational Human Factors and Technology Controls Against Phishing: A Qualitative Literature Synthesis and Classification Framework},
  howpublished = {EasyChair Preprint 16011},
  year      = {EasyChair, 2026}}