Skip to main content

Why Your Brain is the Biggest Cybersecurity Risk

“The greatest shortcoming of the human race is our inability to understand the exponential function.”
Albert A. Bartlett

We are linear thinkers living in an exponential threat landscape where a new warning emerges every week. “Don’t use AI!” “Voice cloning is everywhere!” “Beware of deepfakes — they’re indistinguishable!” ”QR codes are being weaponised!” “Phones are being cloned!” “Chatbots are manipulating children!” “Criminals are impersonating CEOs, banks and family members!” It sounds like the beginning of a sci-fi movie, Armageddon, or a far-fetched plot  cooked up by Hollywood, doesn’t it?

At some point, the question creeps in quietly: Do we trust anyone anymore? Or are we just going to allow ourselves to live with constant anxiety and fear, asking “What if?” and “Am I next?” Beneath that question lies an even more uncomfortable one: What happens when the very mechanisms that help us survive become the target?

It’s not just about technology anymore; it’s about our entire nervous system.

Trust is a Cognitive Shortcut

The human brain accounts for around 2% of body mass, yet it uses up approximately 20% of the body’s energy. It cannot afford to scrutinise everything, so it automates processes. Daniel Kahneman described this process as ‘System 1’ thinking: fast, intuitive, and energy-efficient decision-making.

We constantly rely on trust signals: a familiar voice, a recognisable face, an authoritative tone, urgent language, social proof, and emotional cues. These are shortcuts and survival mechanisms of the brain, not flaws.

Social neuroscience shows that oxytocin increases trusting behaviour, even in risky situations. From an evolutionary perspective, cooperation improves survival. We are wired to assume good intent within our social group. Now, consider how this wiring operates in a digital environment where identity can be synthetically replicated.

  • Deepfakes exploit our facial recognition bias.
  • Voice synthesis exploits our emotional attachment to familiar tones.
  • Phishing exploits our biases regarding authority and urgency.
  • Quishing exploits our desire for convenience and curiosity.
  • AI language models exploit our tendency to anthropomorphise fluency.
  • Attacks are no longer primarily technical; they are cognitive engineering!

The Amygdala Hijack in the Digital Age

Imagine the most devastating scam scenario: a parent receives a call from someone who sounds exactly like their child, saying that they have been in an accident and urgently need money. In that moment, you are not calmly analysing waveform inconsistencies.

Research by Joseph LeDoux shows that the amygdala can process threat signals before the prefrontal cortex has fully evaluated the situation. Daniel Goleman later popularised the term ‘amygdala hijack’ to describe this phenomenon. When a perceived threat is activated:

  • Heart rate increases
  • Cortisol spikes
  • Working memory narrows
  • Impulse control drops
  • Risk assessment degrades

This reaction is adaptive when in physical danger but catastrophic when the danger is digital deception. Crisis impersonation scams work because they bypass deliberation and target attachment systems. Criminals are not trying to out-think you; they are trying to outpace your biology.

Hypervigilance is Not the Answer

Once people recognise this vulnerability, they often swing to the opposite extreme, trusting nothing, questioning everything, and assuming manipulation everywhere. However, chronic hypervigilance can have negative effects on cognitive function.

Prolonged uncertainty increases stress hormone levels, impairing executive function and working memory. Research on decision fatigue shows that individuals with depleted resources rely more heavily on shortcuts and make poorer judgements. Ironically, constant suspicion can increase vulnerability. When cognitive load rises, analytical scrutiny decreases, and the brain seeks relief, creating a loop.

  • Threat increases
  • Vigilance increases
  • Cognitive load increases
  • Judgement decreases
  • Vulnerability increases

This is the human mind under attack.

Intuition Versus Panic

People often ask whether they should rely on their gut instinct. The problem is that we confuse intuition with physiological panic. True intuition is pattern recognition built up over time. It’s a quiet discomfort, a subtle sense that something is amiss.

In contrast, an amygdala hijack feels urgent, intense, pressured, and emotional. Digital deception thrives on intensity, urgency, fear, shame, and excitement.

Neuroscience shows that even brief pauses can re-engage the prefrontal cortex. Slowing breathing reduces amygdala activation; a six-second pause can mean the difference between reacting and reflecting. Therefore, emotional regulation is now a cybersecurity skill.

Living in Synthetic Reality

We are entering an era in which seeing is no longer believing, and hearing is no longer verifying.

Research from MIT has shown that false information spreads faster than the truth on social platforms, largely because novel and emotionally charged content is more widely shared. AI exacerbates this trend by enabling the production of high-quality synthetic content at scale at low cost.

The deeper risk is not just fraud, but epistemic erosion. If people begin to doubt every video, voice note and message, social cohesion will weaken. Organisations rely on a shared reality. Families rely on relational trust. Democracies rely on collective agreement about facts.

The psychological cost of synthetic doubt is fragmentation. So, no, the solution is not to trust no one. Rather, the solution lies in moving from automatic trust to intentional trust.

Rebuilding Friction in a Frictionless World

Digital environments have been designed to reduce friction, and AI environments even more so. However, in the physical world, a certain degree of friction plays an important role in forming trust, as it creates opportunities for verification, observation, and accountability. Trust in the physical world is layered. Context

  • History
  • Repeated interaction
  • Verification
  • Social accountability.

In the digital world, these layers are often absent. Interaction, verification, and delay are replaced by frictionless design, such as one-click purchasing, automatically pre-filled personal information, and instant payment approvals. Therefore, resilience requires the reinstatement of deliberate friction.

  • Call back on a known number rather than the one provided.
  • Establish pre-agreed family verification phrases.
  • Use dual-channel verification for financial transactions.
  • Slow down decisions involving urgency or secrecy.
  • Normalise checking without shame.

This is not paranoia. It is behavioural design. In organisations, this means incorporating pause moments into processes. It means reinforcing decision checkpoints during high-stress scenarios. It means training people to recognise emotional spikes as indicators of risk.

The Human Mind Remains the Primary Target

AI is not a new risk; rather, it is an accelerated one. As tools continually evolve and voice models improve, deepfakes will become harder to detect, and social engineering will become more personalised.

It is more useful to ask, “How do we adapt?” than to ask, “What is next?”

Future advantage will not belong to organisations that deploy the most AI. It will belong to those who understand human cognition well enough to protect it. The human mind has always been the primary target, and now it is simply being attacked with greater precision.

So blind trust is dead, but trust is not. In an age of synthetic reality, psychological resilience is infrastructure.

References:

Arnsten, Amy F. T. ‘Stress Signalling Pathways That Impair Prefrontal Cortex Structure and Function’. Nature Reviews Neuroscience 10, no. 6 (2009): 410–22. https://doi.org/10.1038/nrn2648.

Attwell, David, and Simon B. Laughlin. ‘An Energy Budget for Signaling in the Grey Matter of the Brain’. Journal of Cerebral Blood Flow & Metabolism 21, no. 10 (2001): 1133–45. https://doi.org/10.1097/00004647-200110000-00001.

Baumeister, Roy F., Ellen Bratslavsky, Mark Muraven, and Dianne M. Tice. ‘Ego Depletion: Is the Active Self a Limited Resource?’ Journal of Personality and Social Psychology 74, no. 5 (1998): 1252–65. https://doi.org/10.1037/0022-3514.74.5.1252.

Baumgartner, Thomas, Markus Heinrichs, Aline Vonlanthen, Urs Fischbacher, and Ernst Fehr. ‘Oxytocin Shapes the Neural Circuitry of Trust and Trust Adaptation in Humans’. Neuron 58, no. 4 (2008): 639–50. https://doi.org/10.1016/j.neuron.2008.04.009.

Berger, Jonah, and Katherine L. Milkman. ‘What Makes Online Content Viral?’ Journal of Marketing Research 49, no. 2 (2012): 192–205. https://doi.org/10.1509/jmr.10.0353.

De Dreu, Carsten K. W., Lindred L. Greer, Gerben A. Van Kleef, Shaul Shalvi, and Michel J. J. Handgraaf. ‘Oxytocin Promotes Human Ethnocentrism’. Proceedings of the National Academy of Sciences 108, no. 4 (2011): 1262–66. https://doi.org/10.1073/pnas.1015316108.

Evans, Jonathan St. B. T. ‘Dual-Processing Accounts of Reasoning, Judgment, and Social Cognition’. Annual Review of Psychology 59, no. 1 (2008): 255–78. https://doi.org/10.1146/annurev.psych.59.103006.093629.

Fallis, Don. ‘The Epistemic Threat of Deepfakes’. Philosophy & Technology 34, no. 4 (2021): 623–43. https://doi.org/10.1007/s13347-020-00419-2.

Goleman, Daniel. Emotional Intelligence. Emotional Intelligence. Bantam Books, Inc, 1995.

Kosfeld, Michael, Markus Heinrichs, Paul J. Zak, Urs Fischbacher, and Ernst Fehr. ‘Oxytocin Increases Trust in Humans’. Nature 435, no. 7042 (2005): 673–76. https://doi.org/10.1038/nature03701.

LeDoux, Joseph E. ‘Emotion Circuits in the Brain’. Annual Review of Neuroscience 23, no. 1 (2000): 155–84. https://doi.org/10.1146/annurev.neuro.23.1.155.

Lupien, S. J., F. Maheu, M. Tu, A. Fiocco, and T. E. Schramek. ‘The Effects of Stress and Stress Hormones on Human Cognition: Implications for the Field of Brain and Cognition’. Brain and Cognition 65, no. 3 (2007): 209–37. https://doi.org/10.1016/j.bandc.2007.02.007.

Pearson, Helen. ‘Science and Intuition: Do Both Have a Place in Clinical Decision Making?’ British Journal of Nursing (Mark Allen Publishing) 22, no. 4 (2013): 212–15. https://doi.org/10.12968/bjon.2013.22.4.212.

Pierce, Jordan E., R. James R. Blair, Kayla R. Clark, and Maital Neta. ‘Reappraisal-Related Downregulation of Amygdala BOLD Activation Occurs Only during the Late Trial Window’. Cognitive, Affective & Behavioral Neuroscience 22, no. 4 (2022): 777–87. https://doi.org/10.3758/s13415-021-00980-z.

Raichle, Marcus E., and Debra A. Gusnard. ‘Appraising the Brain’s Energy Budget’. Proceedings of the National Academy of Sciences 99, no. 16 (2002): 10237–39. https://doi.org/10.1073/pnas.172399499.

Shreeve, Benjamin, Catarina Gralha, Awais Rashid, João Araújo, and Miguel Goulão. ‘Making Sense of the Unknown: How Managers Make Cyber Security Decisions’. ACM Trans. Softw. Eng. Methodol. 32, no. 4 (2023): 83:1-83:33. https://doi.org/10.1145/3548682.

Sweller, John. ‘Cognitive Load During Problem Solving: Effects on Learning’. Cognitive Science 12, no. 2 (1988): 257–85. https://doi.org/10.1207/s15516709cog1202_4.

Trivers, Robert L. ‘The Evolution of Reciprocal Altruism’. The Quarterly Review of Biology 46, no. 1 (1971): 35–57. https://doi.org/10.1086/406755.

Taryn-Lee PotgieterHead of Brand Growth | Psychology student at SACAP

Subscribe to the Cyber Dexterity NewsRoom?

Receive updates, articles and fresh insights from Tony’s Blog Theme – “My Two Cents Worth.”