The rapid digital transformation of financial services has reshaped the way individuals interact with banks. Today, online banking enables customers to transfer funds, manage investments, pay bills, and monitor transactions anytime and anywhere. However, as financial ecosystems become increasingly digital, security risk grows alongside convenience. While banks invest heavily in encryption, artificial intelligence, and advanced fraud detection tools, one element remains persistently vulnerable: the human factor.
Online banking adoption has surged globally, particularly in emerging digital economies where financial inclusion and digital infrastructure are rapidly evolving. In Malaysia, for example, regulatory bodies such as Bank Negara Malaysia have introduced comprehensive cyber risk management guidelines to strengthen financial sector resilience and ensure safer digital transactions.
However, as highlighted in “Cyber Security Awareness among Digital Banking Users in Malaysia” by Bakar, Yahaya & Ramli (2025), despite institutional safeguards and regulatory improvements, cyber incidents in the banking sector continue to increase. These include phishing attacks, ransomware campaigns, identity theft, and unauthorized access to digital banking platforms. The expansion of online banking introduces several layers of exposure:
While banks implement robust security infrastructure such as encryption, fraud monitoring systems, and authentication controls, users frequently become the weakest link. This is where the human factor becomes central to understanding online banking security risk. Technology can protect systems, but human behavior ultimately determines whether protection succeeds or fails.
The human factor refers to the role of human behavior, awareness, knowledge, and decision-making in contributing to or mitigating security risk. In online banking environments, security is not purely a technical issue—it is deeply influenced by user perception, habits, and cognitive responses to threats. As discussed by Bakar et al. (2025), awareness plays a decisive role in shaping how users respond to cyber threats. In online banking, the human factor manifests in several ways:
Bakar et al. (2025) found that awareness of cyber-attacks showed the strongest predictive relationship with cybersecurity awareness, with a correlation coefficient of 0.714. This indicates that users who understand cyber threats are significantly more likely to practice secure behaviors in online banking environments. This insight emphasizes that the human factor is not merely about technical literacy; it is about threat perception, judgment, and behavioral response. Security awareness must translate into consistent action.
Among the independent variables examined in the study, awareness of cyber-attacks emerged as the strongest predictor of cybersecurity awareness, as emphasized in “Cyber Security Awareness among Digital Banking Users in Malaysia” by Bakar et al. (2025). This finding is particularly important when analyzing online banking security risk because it demonstrates that understanding threats directly influences safe behavior. When users understand the tactics used by attackers, such as phishing, social engineering, fake banking portals, and impersonation scams, they tend to adopt more cautious digital habits. The study found that:
These findings, reported by Bakar et al. (2025), illustrate a proactive mindset driven by awareness. However, concern does not always translate into consistent protective behavior. Security risk increases when users:
Thus, awareness must evolve into behavioral discipline. Knowledge alone is insufficient if not consistently applied in real-world scenarios.
Another key human factor dimension involves awareness of policies and regulations. According to “Cyber Security Awareness among Digital Banking Users in Malaysia” by Bakar et al. (2025), awareness of regulatory frameworks showed a strong positive correlation (r = 0.600) with cybersecurity awareness.
Many respondents believed that regulations are necessary and that digital banking institutions adequately protect personal data. While trust in regulatory frameworks builds confidence in online banking systems, excessive trust can unintentionally lead to complacency. When users assume:
they may lower their personal vigilance and reduce proactive security behaviors. Online banking security risk increases when users over-rely on institutional safeguards instead of practicing shared responsibility. Regulations create a secure foundation, but they cannot eliminate human mistakes, impulsive decisions, or cognitive biases. As Bakar et al. (2025) suggest, awareness of policies must complement, not replace, personal accountability.
Multi-Factor Authentication (MFA) is widely recognized as a critical security control in online banking. Bakar et al. (2025) identified a strong positive relationship between awareness of MFA and cybersecurity awareness (r = 0.489), reinforcing its importance in reducing security risk. Most respondents agreed that:
These findings, highlighted by Bakar et al. (2025), demonstrate that users understand the theoretical value of MFA. However, understanding does not always guarantee consistent implementation. Despite high agreement levels, MFA often encounters behavioral resistance. The human factor plays a role in:
Security risk emerges when convenience overrides caution. Users may prioritize speed and ease over long-term protection, especially when authentication steps are perceived as disruptive. This tension between usability and security represents a fundamental human vulnerability in online banking environments. Effective security design must therefore balance protection with seamless user experience.
One striking finding from the study “Cyber Security Awareness among Digital Banking Users in Malaysia” by Bakar et al. (2025) was that many respondents reported not receiving cybersecurity training or education from their banks. A significant portion disagreed with the statement that they had received formal security education. This training gap amplifies online banking security risk because awareness cannot develop without structured guidance and continuous reinforcement. Without continuous education:
Security awareness cannot be static. Cyber threats evolve rapidly, meaning that the human factor must be continuously strengthened through updated knowledge, real-life simulations, and behavioral nudges. As emphasized by Bakar et al. (2025), enhancing cybersecurity awareness among digital banking users is essential to reducing exposure to fraud and digital threats. The human factor must be treated as a dynamic security layer—one that requires constant investment, reinforcement, and adaptation.
The regression analysis conducted by Bakar et al. (2025) in “Cyber Security Awareness among Digital Banking Users in Malaysia” revealed that 73.1% of the variation in cybersecurity awareness among digital banking users could be explained by three key awareness factors: awareness of cyber-attacks, awareness of policies and regulations, and awareness of multi-factor authentication. This is a powerful statistic because it quantifies the impact of the human factor in online banking security risk. Rather than being a minor variable, human awareness accounts for the majority of security outcome differences among users.
What this suggests is clear: human awareness variables significantly influence security outcomes. Strengthening the human factor may reduce online banking security risk more effectively than relying solely on technological upgrades. While banks continue to invest in encryption, AI-based fraud detection, and real-time monitoring systems, the findings from Bakar et al. (2025) show that user knowledge and behavioral awareness play an equally critical—if not greater—role in shaping cybersecurity resilience.
Furthermore, awareness of cyber-attacks recorded the highest beta value (β = 0.442), making it the strongest predictor of cybersecurity awareness (Bakar et al., 2025). This confirms that threat knowledge shapes user behavior more strongly than regulatory awareness or authentication practices alone. In simple terms, when users understand how cybercriminals operate, they become more cautious, more skeptical, and more proactive in protecting their online banking activities—demonstrating that the human factor is not just influential, but foundational to managing security risk.
Even with high awareness levels, human vulnerabilities persist in online banking environments. Below are some of the most common human factor weaknesses that continue to contribute to security risk.
Users often believe they are too careful or too knowledgeable to fall victim to scams. This sense of immunity lowers their guard, making them less likely to verify suspicious emails or question unexpected requests. Overconfidence can silently increase exposure to fraud because individuals underestimate how sophisticated modern phishing and social engineering attacks have become.
Phishing emails and scam messages frequently exploit emotional triggers such as fear, urgency, or excitement. When users see messages like “Account suspended” or “Immediate action required,” they may react impulsively without verifying authenticity. Emotional pressure disrupts rational decision-making, turning quick reactions into costly mistakes.
Despite understanding the risks, many users reuse the same password across multiple accounts for convenience. If one account is compromised, attackers can easily attempt credential stuffing on banking platforms. This habit demonstrates how convenience often outweighs security discipline in everyday behavior.
Frequent security notifications and warnings can desensitize users over time. When users repeatedly encounter alerts, they may begin to ignore them automatically, assuming they are routine. This fatigue reduces the effectiveness of legitimate warnings and increases vulnerability to real threats.
Fraudsters commonly impersonate banks, government agencies, or trusted brands to manipulate victims. Because users generally trust established institutions, attackers exploit that trust to gain sensitive information. This manipulation shows that social engineering is not about breaking systems—it is about breaking human judgment.
These behavioral patterns demonstrate that the human factor is not simply about knowledge—it is deeply influenced by cognitive biases, emotional triggers, and habitual decision-making patterns.
To mitigate online banking security risk effectively, institutions must adopt a human-centric cybersecurity approach. Strengthening systems alone is not enough; security strategies must address behavioral realities.
Strengthening the human factor requires designing systems around behavioral realities, not just technical safeguards. When institutions combine technology with behavioral insight, online banking security risk can be reduced more sustainably and effectively.
Online banking security risk is a shared responsibility between financial institutions and customers. As highlighted by Bakar et al. (2025), user awareness significantly influences cybersecurity outcomes, meaning institutional protection alone is not sufficient without active user participation.
Banks must:
Users must:
Without coordinated effort from both sides, online banking security risk remains elevated despite technological safeguards.
As digital banking evolves toward AI-driven platforms, blockchain systems, and biometric authentication, security risk will not disappear—it will shift toward more sophisticated forms of exploitation. According to Bakar et al. (2025), expanding awareness dimensions is essential to strengthening future cybersecurity resilience. Attackers increasingly target:
Technological advancements may reduce system vulnerabilities, but human vulnerabilities remain dynamic. Future research recommended by Bakar et al. (2025) suggests expanding awareness dimensions to include phishing and hacking awareness, reinforcing the need for continuous human-centered security development.
Online banking security risk cannot be fully understood without recognizing the central role of the human factor. While encryption, AI monitoring, and regulatory frameworks strengthen technical defenses, human behavior ultimately determines whether those controls succeed or fail. A recent study shows that awareness of cyber-attacks, policies and regulations, and multi-factor authentication significantly shape security outcomes in digital banking. The human factor is not a weakness by default—it is a strength that can be developed through education, behavioral design, and shared responsibility. In the digital era, the strongest firewall is not only technology, but informed human judgment.