"...social scientists - the latter being useful for studying the behaviours of criminals ..."
I can see that use for Social Scientists, but I think perhaps they should also be pointed in a couple of other directions.
The effectiveness of the criminals often depends on the behaviour of their victims - certainly for scams and getting unauthorised access to systems.
For me the biggest area, though, is the behaviour of those on the inside, from managers who don't get the need for security down to the people who are responsible (or should be) for implementing secure solutions, but who just don't take it seriously enough or are subverted by the criminals.
Finding approaches to cyber-security that address these very significant human factors would do a lot for our overall security.