Design Thinking: A human-centered approach for better cybersecurity solutions

Over the last few decades, privacy and data security have become crucial to the reputation and success of organizations. The cyber threat landscape is continuously evolving: hackers are constantly looking for new ways to exploit businesses and individuals alike, and cyber-attacks such as ransomware, DDoS (Distributed Denial of Service), and phishing scams have wreaked havoc on businesses and governments globally.

Cybersecurity threats have been motivating organisations to ask this vital question: “How can we provide better solutions to protect our people and data efficiently and proactively?”

Well, it all starts with people, whether they are customers whose information could be compromised, or employees who work tirelessly on proprietary data and formulas that every competitor wants to steal, or top executives who have access to very sensitive and confidential information. This created the need for an approach that places humans and not technology at the center of the problem and its potential solutions. This is where design thinking comes into the picture to bridge this gap and offer solutions to complex problems with a people-centric approach.

This blog post aims to help you understand the importance of design thinking and how it can be used to help resolve problems related to information security.

Dangers of Cyberattack

In April 2021, the Washington, D.C. police department announced that its computer network had been breached, and a ransomware group claimed to have downloaded more than 250 gigabytes of sensitive data from its servers. The hackers threatened to leak the data if their ransom demands were not met within a few days. They even threatened to leak information about police informants to criminal gangs. Other, more sinister attacks have been aimed at accessing government databases and leaking sensitive information to the masses. Today, cyber-attacks are amongst the most efficient tools used by terrorist groups to carry out their crimes.

It is no wonder that cybersecurity solutions need to adopt new, innovative ways to ensure that security needs are looked at not only through a technology lens but also from the user’s perspective, in order to keep up with this fast-moving wave. And this is where design thinking comes in.

So What’s Design Thinking Anyway? 

Design thinking is the process of creating a design methodology that uses a solution-based approach to solve problems. When trying to solve complex, unknown issues, design thinking avoids solving them in isolation. You need to take the people affected by the problem into consideration and reframe the problem in a human-centric way (such as understanding how the issue affects people and why it exists in the first place). In a nutshell, design thinking involves placing humans at the heart of both the problem and its potential solutions.

Design thinking has the following principles:

  • Empathize

  • Define

  • Ideate

  • Prototype & Test

Applying these design thinking methods effectively will allow you to solve complex issues for your business.

How to Use the Design Thinking Principles in a Cybersecurity Context

The stages mentioned above are principles that will guide you towards creating better cybersecurity solutions. Let’s quickly examine them.

Principle 1: Empathize with the End User

Although management models today focus on customers (individuals or businesses), design thinking models offer more. For instance, empathy places the users at the center of the problems and solutions. It considers all factors, both hard (technical and functional needs) and soft (customers’ beliefs, behaviours, and emotions), by walking in the user’s shoes to identify their pain points and get a deeper understanding of what they need. Conducting interviews and workshops with users and allowing them to spell out their concerns about a given subject matter is an important step in this process. For example, get your users to speak about what they think of their current cyber threat reporting mechanisms, what they hear from domain experts, what they see in the outside world (news, reports, research), and what they would need to do about it.

Empathy Canvas Map. Source: online.visual-paradigm.com

There are several strategies for developing empathy with users; building empathy canvas maps is one of them. An empathy canvas map is designed to dig deeper into the emotional perspective and help identify pain points by gathering input in a humanised way.

Principle 2: Redefine the problem and focus on the total solution

Cybersecurity experts often adopt an analytical problem-solving model. They study and define the technical problems, identify the technical ramifications, and then create a technical solution. Information security experts come to the rescue by quickly developing and deploying new products and security measures. This approach has proved effective in cybersecurity; however, it has its problems. While it may prove helpful in the short run, lapses will arise in the future.

Design thinking motivates us to look beyond the present crisis by creating longstanding goals for our security actions and a roadmap to achieve them. It tells us to take a holistic view of problems when developing real solutions and creating an atmosphere where each product and program works together.

In the define phase, we collectively define and synthesise our findings from the user’s point of view and converge them into a meaningful and actionable problem statement that uncovers specific needs and drives the ideation phase in the right direction. For example: users lack an effective way to monitor and detect cybersecurity threats within their network, and they often cannot recognise security alerts generated by applications and network hardware. Mind mapping and affinity diagrams are great tools to stimulate your thinking and organise your ideas.

Principle 3: Ideate

Creating a long-term vision doesn’t mean you should take years to develop solutions. Design thinking simply asks you to act small and fast. It promotes long-term thinking but with small quick steps to reach that goal. Ideas are usually born out of the available information at our disposal. Once you have a human-centric view of the problem, you can quickly develop great ideas to provide outstanding and sustainable cybersecurity solutions for your users.

Ideation is an iterative and collaborative process that aims to generate solutions with testable narratives against a well-defined problem. Proposed solutions and ideas should then be categorised and narrowed down so the team can select the best fit from a shortlist.

There are multiple techniques that can help facilitate that selection process, such as Dot Voting, the Now Wow How Matrix, and Six Thinking Hats.

Principle 4: Prototype & Test

Information security products and services are usually of high value to end-users. Hence, consumers must have high trust and confidence in you before buying your products or services. With design thinking, you can build prototypes and identify what works and what doesn’t. It enables you to experiment and prove (or disprove) your proposed solutions and ideas from the ideation phase, and quickly adjust to your customers’ feedback. For example, prototyping a scaled-down version of a security alert dashboard that simulates what your customers would see in a real-world scenario is vital for obtaining early feedback and dynamically updating the prototype until it fully matches your customers’ needs.

The high-risk nature of the cybersecurity niche makes it challenging to satisfy customers. Hence, if you can generate prototypes to validate solutions that meet your users’ needs, then you will reach your targeted solution with minimum rework and maximum productivity.

It is important to mention that design thinking aligns well with Agile ways of working. While design thinking focuses on understanding what the customers desire and designing the right solution for them, Agile ways of working focus on the “how” side of delivery, where teams work together to deliver smaller units incrementally until the final product is produced. The key is to find the right balance between the two approaches by creating an environment that is focused on user-centricity and rapid iteration.

Your users are the axis of the journey! Their needs are the seeds for innovation at every step in the process. Hence, the solution that you build using design thinking principles is ready to be utilised. You are no longer releasing a product that is unusable and doesn’t meet your customers’ needs.

Design thinking will help cybersecurity experts understand how best to address business and users’ security concerns by understanding where problems occur and generating ideas that can be translated into solutions, in a flexible and dynamic approach that safeguards businesses and users against the ever-changing threat landscape.

Resources and where to learn more

[1] https://www.interaction-design.org/literature/article/5-stages-in-the-design-thinking-process

[2] https://www.maqe.com/insight/the-design-thinking-process-how-does-it-work/

[3] https://securitybrief.com.au/story/how-user-centred-design-is-reshaping-cybersecurity

[4] https://www.thoughtworks.com/insights/blog/design-thinking-increase-information-security-and-data-privacy

[5] https://www.forbes.com/sites/forbestechcouncil/2018/05/22/how-design-thinking-can-change-cybersecurity/?sh=695cc8258d93

[6] https://online.visual-paradigm.com/diagrams/templates/empathy-map/empathy-map-canvas/

Written by: Ghaith (Guy) Mahdi