In their own words: employee attitudes towards information security

Debi Mackenzie Ashenden

Research output: Contribution to journalArticlepeer-review

396 Downloads (Pure)


Purpose - The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research.

Design/methodology/approach - The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey.

Findings - The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought the that organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks.

Research limitations/implications - The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation.

Originality/value - The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.
Original languageEnglish
Pages (from-to)327-337
Number of pages11
JournalInformation and Computer Security
Issue number3
Early online date9 Aug 2018
Publication statusPublished - Sept 2018


  • information security
  • attitudes
  • personal construct psychology
  • social acceptability bias


Dive into the research topics of 'In their own words: employee attitudes towards information security'. Together they form a unique fingerprint.

Cite this