🤖 AI Summary
This study addresses the persistent threat of social engineering attacks, which exploit human vulnerabilities and are exacerbated by the absence of targeted resource allocation strategies in current defenses. Integrating Routine Activity Theory with the VIVA framework—encompassing Value, Inertia, Visibility, and Accessibility—the authors propose, for the first time, two Colonel Blotto game-theoretic models to optimize defensive resource allocation at both national and organizational levels, leveraging real-world cybercrime data. The approach enables context-aware generation of defense strategies, yielding optimal solutions for three countries and five organizational types. Empirical validation demonstrates that combining theoretical modeling with data-driven insights significantly enhances cyber resilience.
📝 Abstract
Cybercriminals increasingly target the human factor rather than the continuously advancing technological defense mechanisms. Consequently, institutions that allocate substantial resources to strengthening their cybersecurity infrastructure may remain vulnerable if a deceived employee voluntarily transmits sensitive information or financial assets to attackers. Therefore, alongside the implementation of technological defense mechanisms, particular emphasis must be placed on mitigating human vulnerabilities, which can be achieved through preventive awareness programs. However, such training activities can only be effective if they are organization- and context-specific.
In this paper, we develop two Colonel Blotto game models to determine the optimal allocation of defensive resources across dominant social engineering attack vectors. We ground the models in Routine Activity Theory (RAT), a theory borrowed from criminology which describes crime as an event involving a motivated offender, a suitable target, and the absence of a capable guardian. Next, we quantify relevant factors via the VIVA (Value, Inertia, Visibility, Accessibility) framework and operationalize the models by feeding real-world cybercrime data into them. The first model investigates optimal population-level prevention, focusing on nation-states as defenders; we present and compare use cases of three different countries. The second model focuses on the organization as a decision-maker; here, we analyze five use cases involving organizations of different characteristics. Our results demonstrate that theoretically grounded and data-driven models can provide decision support to policymakers and organizational leaders in allocating their efforts optimally to prevent social engineering attacks and improve their overall cyber resilience.