Understanding information security stress: Focusing on the type of information security compliance activity

Abstract

Organizations are intensifying their information security levels, as information security has become an essential element in business management. However, excessive focus on the mere reinforcement of information security has placed employees under stress. Studies have confirmed that the negative effects of stress include reduced employee productivity. Therefore, it is important to manage employee stress while enforcing information security in an organization. Based on person–environment fit theory, this study examines how employees become stressed, the factors behind information security stress (ISS), and the differences between managerial and technical security-oriented organizations. The results show that work overload and invasion of privacy are information security stressors. Furthermore, work overload has a greater effect on ISS in managerial security-oriented organizations, while invasion of privacy exerts a greater influence on ISS in technical security-oriented organizations. In addition, attitude to compliance with the information security policy mitigates work overload and invasion of privacy. These findings can be used as a basic reference for the establishment of employee stress management measures and the evaluation of information security stress levels.