An increasingly common threat to organisations is cyber-attack, including issues such as theft of customer data and ransomware attacks. Within cyber security, it is accepted that the question is not if an organisation will be breached, but instead when. This is demonstrated by the fact that even the largest and most technologically sophisticated organisations in the world such as Google and Facebook have suffered major cyber security breaches. An element within many cyber-attacks is the role of the individual employees within the organisation who, through action or inaction, may unintentionally facilitate cyber-attacks. Research in psychological and behavioural sciences is highly relevant to these issues; yet there is an interdisciplinary gap between this evidence base and the application of such research to cyber security challenges.