Security Policy Causes Workplace Stress ?

Almost every company regardless of size or industry has Information Security Policy(IS Policy) or Data Protection Policy in place. At onboarding or orientation, employees are required to study these policies and follow the requirements.

Two researchers in Germany studied technostress among employees when complying IS Policy and surveyed 165 participants in 2015.

Technostress is a phenomenon that occurs when being confronted or working with new technologies. It can be described as an “inability to cope with the new technologies in a healthy manner”. In the information security domain, the researchers identified eight potential stressors of security-related stress related to workplace environment, personal environment and social environment.

Interviewees most frequently cited 'password management' as an important security-related stressor. Another example of security-overload is the need to constantly de- or encrypt emails before reading or sending respectively.

The results from survey and data analysis were mixed. There was no direct evidence showing technostress decrease or increase compliance. One interesting observation was that work environment-related stress from complexity, overload, and uncertainty has a significant negative effect on employees’ information security policy compliance intention.

Information security policy is not programming logics, human pyschology and social interactions play a vital role when enforcing these policies. Cybersecurity and data protection rules and requirements are likely to be more comprehensive. Employees especially those in regulated industries (like banks, insurance and medical companies etc) are feeling the technostress.

The full researcher paper can be accessed at here.