Kate Labunets
Dr. Kate Labunets is an Assistant Professor at Utrecht University and co-chair and founding member of the ACCSS Working Group on Human Factors in Cyber Security. Her research focuses on human factors in cybersecurity, usability of security mechanisms, and security behaviour. The goal of her research is to make security decisions and practices more effective, evidence-based, and user-centred. Kate has delivered invited talks across academia, industry, and policy, including USENIX Security, ICT.Open, VERSEN SENSymposium, and BEREC’s Stakeholder Forum, and was a keynote speaker at OWASP Global AppSec EU 2025 in Barcelona.
Sessie
The digital ecosystem provides vast opportunities to get things done in work and education. At the same time, the growing number of hardware, software, and services used without explicit approval or knowledge of the organisation, commonly referred to as shadow IT, creates new attack vectors and challenges cybersecurity management. This talk combines findings from three studies that explore shadow IT occurrences, influencing factors, and attitudes in higher education and corporate contexts.
Interviews with IT and security experts at higher education institutions provide a comprehensive overview of observed shadow IT types and related cyber threats, with cloud services and self-acquired or self-developed software as the most common forms. A mixed-methods study in a corporate setting uncovers different types of shadow IT and reveals a variety of mindsets towards its use, alongside an awareness–action gap between perceived risks and behavior. Finally, we introduce a newly developed assessment tool that identifies eight components of shadow IT attitudes and demonstrates meaningful associations with shadow IT behaviors. Together, these findings contribute to understanding the human aspects of security and inform responsible governance practices.