How Moods Can Impact Cybersecurity Behavior
January 24, 2018
Research from UD’s John D’Arcy finds that cranky employees more likely to violate cybersecurity policies
As professionals return to work after holidays, their moods are undoubtedly affected by the emotional impact of their holiday experiences, but these moods may be more critical to workplace cybersecurity than previously realized.
New research from the University of Delaware’s John D’Arcy, forthcoming in Information Systems Journal, suggests that people’s positive or negative moods can affect the likelihood that they will engage in insecure computing behavior in the workplace.
Insecure workplace computing behavior includes things like using weak passwords, accessing unapproved software or not using two-factor authentication, said D’Arcy, an associate professor at UD’s Alfred Lerner College of Business and Economics.
Most organizations have formal policies that prohibit such behavior. To try and predict why people violate these policies, D’Arcy worked with City University of Hong Kong’s Paul Benjamin Lowry to survey professionals in organizations throughout the United States about their workplace computing behavior.
The longitudinal survey found that “moods and emotions influence people’s security-related behavior,” D’Arcy said. “And these things vary from day to day, which can make people’s behavior vary from day to day.”
According to the survey, employees in better moods are more likely to have a positive attitude about security and are more likely to follow policy.
“On the flip side, if they’re in a bad mood, what you get can change from day to day,” D’Arcy said. “That makes it more likely that they will violate policy.”
This makes sense for any employee who has felt especially inconvenienced by workplace security measures during a bad day: On a day that you were feeling more positive emotions, the extra effort likely wouldn’t seem as annoying.
For more on D’Arcy’s research, check out the Lerner College’s Seeing Opportunity blog.