Psychosocial risks: Can their effects on the security of information systems really be ignored?
Purpose ‐ The purpose of this paper is to highlight the relation of psychosocial risks to information security (IS). Although psychosocial risks at the workplace have been extensively researched from a managerial point of view, their effect on IS has not been formally studied to the extent required by the gravity of the topic.

Design/methodology/approach ‐ Based on existing research on psychosocial risks, their potential effects on IS are examined.

Findings ‐ It is shown that as psychosocial risks affect people at the workplace, they diminish their ability to defend IS.

Research limitations/implications ‐ Psychosocial risks are identified as a factor in IS breakdown. Future research should be directed towards assessing the significance of the effects of various psychosocial risks on IS, creating an assessment methodology for the resulting IS posture of the organisation and devising mitigation methodologies.

Practical implications ‐ The proposed approach will provide a significant part of the answer to the question of why IS fails when all prescribed measures and controls are in place and active. More effective controls for psychosocial risks at the workplace can be created as the incentive of upholding IS will be added to the equation of their mitigation.

Social implications ‐ The organisational environment in which human beings are called upon to function in a secure manner will be redefined, along with what constitutes a "reasonable request" from human operators in the context of IS.

Originality/value ‐ Bringing together psychosocial risks and IS in research will provide a better understanding of the shortcomings of human nature with respect to IS. Organisations and employees will benefit from the resulting psychosocial risk mitigation.