It ain’t my business : a coping perspective on employee effortful security behavior

Purpose: Human factor is often cited as one of the biggest challenges for organizational information security management. The purpose of this paper is to investigate how and why employees fail to carry out required security tasks. Design/methodology/approach: On the basis of coping theory, this paper develops a theoretical model to examine employee effortful security behavior (ESB). The model is tested with the data collected through a survey of computer users. Findings: The results suggest that employee procrastination of security tasks and psychological detachment from security issues are two antecedents of ESB. Psychological detachment and procrastination are in turn influenced by perceived externalities of security risk and triage of business tasks over security issues by employees. Originality/value: This paper contributes to the information systems security literature by providing a nuanced understanding of the antecedents and process of how employees cope with security task demands. It also offers some insights for practitioners in terms of the importance of designing and implementing security measures that are viewed as relevant to employees.