Quantifying Social Engineering Impact: Development and Application of the SEIS Model

Social engineering exploits human psychology rather than technical vulnerabilities, making it a strong threat in cybersecurity. By leveraging cognitive biases and social dynamics, attackers use methods like phishing, pretexting, and baiting to deceive individuals into compromising sensitive information. This study introduces the Social Engineering Impact Scoring (SEIS), a quantitative model designed to assess the impact of social engineering attacks on organizations. The SEIS model provides a structured, data-driven approach to evaluate key metrics, each weighted based on its empirical impact on overall risk. The study also highlights the importance of SEIS in offering a balanced assessment of technical and behavioral vulnerabilities, thereby enhancing the organization’s capacity to foster a security-aware culture and mitigate the impact of social engineering threats