Understanding employee vulnerability to cyberattacks using the lens of strategic human resource management
本文构建了一个跨学科模型,揭示人力资源管理系统和组织网络安全氛围如何通过员工认知负荷和警惕性影响员工对网络攻击的脆弱性,为减少员工无意行为导致的网络安全风险提供理论指导。
Organizations implement human resource management (HRM) practices to meet their strategic goals by means of influencing employee behavior. In today’s digital age, employee cybersecurity behaviors have become critical. Cybercrimes are on the rise, creating organizational liabilities, and tarnishing the corporate image. Organizational insiders or employees are vulnerable to attacks by malicious actors such as hackers. How employees become vulnerable is a burgeoning area of scholarship. In cybersecurity research, there have been calls to study how best to reduce this vulnerability. Despite research on employee deviance, currently little research exists on why employee unintentional actions or deviations can arise that make employees (and thus the organizations) vulnerable to cyberattacks. To address this issue, this interdisciplinary and conceptual work draws from multiple areas: cybersecurity, strategic Human Resource Management, and social cognition. I develop a model that unravels multi-level factors that impact employee vulnerability to cyberattacks. The model proposes different mechanisms through which an HRM system and organizational climate for cybersecurity relate to employee vulnerability to cyberattacks. This work also unpacks the role of employee cognitive load and employee vigilance towards cyber threats in influencing employee vulnerability. The ideas developed in this work contribute to the academic discourses on cybersecurity and strategic HRM.