Platform-Dependent Computer Security Complacency: The Unrecognized Insider Threat

• Published in: IEEE transactions on engineering management Vol. 69; no. 6; pp. 3814 - 3825
• Main Author: Stafford, Thomas F.
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.12.2022; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Anomalies; Artificial intelligence; complacency; Computer crime; Computer security; Cybersecurity; Grounded theory; Monitoring; nonmalicious violators; Qualitative analysis; Security; security education and training; Training; User behavior
• ISSN: 0018-9391; 1558-0040
• DOI: 10.1109/TEM.2021.3058344

This article reports on a grounded theory investigation of subject response anomalies that were encountered in the course of a neurocognitive laboratory study of computer user cybersecurity behaviors. Subsequent qualitative data collection led to theoretical development in specification of three broad constructs of computer user security complacency. Theoretical insights indicate that states of security complacency can arise in the form of a naïve lack of concern about the likelihood of facing security threats (inherent complacency), from ill-advised dependence upon specific computing platforms and protective workplace technology implementations for protection (platform complacency), as well as the reliance on the guidance on advice from trusted social others in personal and workplace networks (social complacency). Elements of an emergent theory of cybersecurity complacency arising from our interpretive insights are discussed.