Cyber attacks are significantly increasing. It seems actually a real global war in which it is not yet clear who the victims are and who the perpetrators are. Many cyber-attack prevention strategies focus on systems and technology. Unfortunately, it is not enough to rely on technology as the main defence, instead of recognizing that the easiest attack vectors are the people who operate computers. Users have been identified as one of the major security weaknesses in today’s technologies, as they may be unaware that their behaviour while interacting with a system has security consequences. Addressing user-related issues is an aspect that needs significant attention to further limit the effectiveness of cyber attacks. In this perspective, artificial intelligence plays a prominent role in the prevention of cyber attacks as they can support users in their identification.

When focusing on a more professional context, such as companies or organizations, cybersecurity is jeopardised by the growing complexity of business processes, the ongoing digital transformation of companies, the extensive use of the network to provide services, as well as to communicate and share distributed resources. These are all factors that encourage and increase the interaction between the various subjects for social, economic and work purposes, thus opening the front to criminal attacks aimed at compromising the confidentiality, integrity and availability of resources and information. A successful defence strategy requires timely identification, definition and adjustment of the strategies and activities needed for facing security threats and incidents. It is evident that artificial intelligence has a prominent role here too. Again, the humans are in the loop: in order to be able to defend themselves and the organization they are in, they are required to be proficient in cybersecurity issues and to continuously update their skills, abilities, tools. The goal should be to create professionals capable of dealing with security at various levels, with clear ideas on what are the processes, functions and controls useful for security, using an in-depth knowledge structure of the company. Unfortunately, the educational offer on the cyber-attack prevention topic is still modest and universities are struggling to design training courses capable of producing professionals directly employable.

To sum up, in both cases of private users and corporate employees, there are several elements that are in common when it comes to outlining a strategy to fight cyber attacks. This strategy could be placed at the intersection of three main research areas, namely Artificial Intelligence, Human-Computer Interaction and Business Process Management.

The goal of this workshop is to bring together researchers and practitioners from the IUI community (and beyond) interested in the new opportunities and challenges of IUI in relation to cybersecurity issues, in order to discuss state of the art research, point out challenges and suggest future research directions.

Topics of interest

Topics include, but are not limited to:

  • Ethical, psychological, sociological and economic issues of security and privacy solutions
  • Foundations of usable security and privacy
  • Human factors in phishing attacks
  • Human factors related to Cybersecurity
  • Lessons learned from the design, development, use, or evaluation of security and privacy systems
  • Mental models of attackers and defenders
  • New applications of existing models or technology
  • Reports of previously published studies and experiments, even failed experiences, focusing on the lessons learned from such experiences
  • Testing of new or existing solutions for usable security and privacy research
  • Usable security and privacy for professionals, like network administrators and developers
  • Usable security/privacy evaluation of existing and/or proposed solutions based, for instance, on laboratory studies, field studies, longitudinal studies
  • Usable security/privacy of the Internet of Things (IoT)
  • Visualization techniques supporting cybersecurity experts and non-experts

Target audience

This workshop is open to everyone who is interested in topics related to Cyber attacks, with an emphasis on the aspects related to Artificial Intelligence, Human-Computer Interaction, and Business Process Management. We invite participants to present position papers addressing cybersecurity issues falling in these three areas or at their intersection. We are also interested in methods, theories and tools for managing cyber attacks.

Workshop organization

The workshop will be half-day long. A keynote statement will be presented by the organizers first, then presentations contributed by participants will follow. In the second part, participants will discuss the main points raised in a final plenary session.

Submission Instructions

In order to attend the workshop, participants are invited to submit short papers (no longer than 4 pages, including an abstract of up to 150 words) reporting original academic or industrial research relevant to the workshop's theme.

Submissions should be formatted in ACM-SIGCHI format. They have to be in PDF format.

Submissions are not anonymous and should include all author names, affiliations, and contact information.

All submissions will be reviewed by an international program committee.

Papers are submitted through the EasyChair website:

Upon acceptance, at least one author of each accepted position paper must attend the workshop.

Important Dates

  • Deadline for submission: December 6th, 2019
  • Acceptance notification: January 14th, 2020
  • Workshop date: March 17th, 2020


  • Carmelo Ardito, Politecnico di Bari, Italy – carmelo.ardito[at]
  • Giuseppe Desolda, University of Bari Aldo Moro, Italy – giuseppe.desolda[at]
  • Danilo Caivano, Sapienza - University of Bari Aldo Moro, Italy – danilo.caivano[at]
  • Tommaso Di Noia, Politecnico di Bari, Italy – tommaso.dinoia[at]


The workshop will be hosted in the frame of IUI 2020, the 25th annual meeting of the Intelligent User Interfaces community, March 17-20, 2020 - Cagliari, Italy.

Look at the main conference web site for further information (