👤 AUDITWOLF
🗓️ 06 Dec 2025   🌍 Europe

Once Upon a Breach: How Fairy Tales Are Rewriting Cybersecurity’s Playbook

Can stories like Cinderella and The Odyssey unlock a new era of digital safety? A leading professor thinks so - and he’s got the data to prove it.

Fast Facts

  • 95% of cybersecurity breaches stem from human error, not just technical flaws.
  • Professor Luca Viganò’s “Explainable Security” framework uses storytelling to clarify complex digital risks.
  • Classic tales like Cinderella and The Odyssey illustrate principles of multi-factor authentication and social engineering.
  • Empirical studies show stories can boost users’ understanding of cybersecurity - sometimes more than manuals or technical guides.

Once Upon a Password: The Problem with Explaining Security

Imagine a world where your digital safety isn’t explained through dense manuals or intimidating jargon - but through the glass slipper of Cinderella or the cunning of Odysseus. That’s the vision propelling Professor Luca Viganò, head of the Cybersecurity Group at King’s College London, who argues that the real barrier to cybersecurity isn’t just technical complexity; it’s the failure to communicate risk in a way humans naturally understand.

The numbers are stark: an IBM study cited by Viganò claims 95% of security vulnerabilities arise from human mistakes. For decades, the narrative has painted users as the “weakest link.” But Viganò flips the script, asking: If users aren’t taught security in their own language, who’s really at fault?

From Fairy Tales to Firewalls: A New Approach Emerges

Enter Explainable Security (XSec), Viganò’s framework that borrows from journalism: Who needs to understand? What is being explained? When and where should this happen - and, crucially, how? The twist: instead of focusing solely on technical systems, XSec integrates the social side, treating humans as part of the security equation, not just its weakest point.

Drawing from global folklore, Viganò maps classic stories to digital security concepts. Cinderella’s fabled shoe test? It’s multi-factor authentication: her foot (biometrics) and the second slipper (something she possesses). In the Odyssey, Odysseus is recognized through a combination of physical traits, personal history, and secret knowledge - a security protocol centuries ahead of its time.

Lessons from Legends: Why Stories Work Where Manuals Fail

It’s not all metaphor. Viganò’s experiments, some in collaboration with performance artist Alistair Gentry, reveal that storytelling can measurably improve people’s grasp of cybersecurity. While no approach is a silver bullet - sometimes stories need a skilled guide - the evidence suggests fairy tales and myths can outshine dry instructions, making abstract risks feel immediate and relatable.

The idea isn’t just academic. As phishing scams, ransomware, and social engineering attacks surge worldwide, billions are at risk not because they lack intelligence, but because they lack intuitive, memorable guidance. Stories - universal, adaptable, and sticky - could be the missing link in a safer digital future.

In a digital age overrun by complexity, perhaps the oldest tools - stories - are our most powerful defense. As Viganò shows, cyber wisdom isn’t locked in code or policy, but hidden in the tales we’ve always told. To secure tomorrow, we may need to rediscover the magic of yesterday.

WIKICROOK

  • Multi: Multi refers to using a combination of different technologies or systems - like LEO and GEO satellites - to improve reliability, coverage, and security.
  • Social Engineering: Social engineering is the use of deception by hackers to trick people into revealing confidential information or providing unauthorized system access.
  • Biometrics: Biometrics uses unique physical traits, such as fingerprints or facial features, to securely verify a person's identity for access and authentication.
  • Replay Attack: A replay attack is when an attacker resends intercepted messages to trick systems or users, exploiting security flaws to gain unauthorized access.
  • Socio-technical System: A socio-technical system blends human and technological aspects, ensuring both are considered in cybersecurity planning and defense strategies.