How Information Security Requirements Stress Employees
Research paper by Clara Ament (Goethe University Frankfurt) & Steffi Haag
Ever heard of Technostress? It is a phenomenon that occurs when being confronted or working with new technologies. With work from home (WFH), technostress is also coming to home!
Almost every company regardless of size or industry has Information Security Policy(IS Policy) or Data Protection Policy in place. At onboarding or orientation, employees are required to study these policies and follow the cybersecurity requirements.
It can be described as an “inability to cope with the new technologies in a healthy manner”. In the information security domain, the researchers identified eight potential stressors of security-related stress related to workplace environment, personal environment and social environment.
Passwords and Encrypted Emails
Two researchers in Germany studied technostress among employees when complying IS Policy and surveyed 165 participants in 2015. Interviewees most frequently cited 'password management' as an important security-related stressor. Another example of security-overload is the need to constantly de- or encrypt emails before reading or sending respectively.
The results from survey and data analysis were mixed. There was no direct evidence showing technostress decrease or increase compliance. One interesting observation was that work environment-related stress from complexity, overload, and uncertainty has a significant negative effect on employees’ information security policy compliance intention.
Information security policy is not programming logics, human psychology and social interactions play a vital role when enforcing these policies. Cybersecurity and data protection rules and requirements are likely to be more comprehensive. Employees especially those in regulated industries (like banks, insurance and medical companies etc) are feeling the technostress.
The full researcher paper can be accessed at here.
Written by Antony Ma