Does Technostress Trigger Insider Threat? A Conceptual Model and Mitigation Solutions

Since the emergence of the Internet in the twentieth century and the rapid growth of different types of information technologies (IT), our lives, either personal or professional, have become digitised. Adoption and diffusion of IT enhance individuals and organisational performance, yet scholars discovered a dual nature of IT in which IT usage may have negative aspects too. First, the inability to cope with IT in a healthy manner creates stress in users, termed technostress. Second, digitisation and adoption of new technologies (e.g. IoT and multi-cloud environments) have increased vulnerabilities to information security (InfoSec) threats. Although organisations utilise counteraction strategies (e.g., security systems, security policies), end-users remain the top source of security incidents. Existing behavioural research has approached technostress and InfoSec independently. However, it is not clear how technology-stressors influence employees’ security-related behaviours. This chapter reviews the interaction effect of these concepts in detail by proposing a conceptual model that explains that technostress is the main reason for employees’ non-compliance with security policies in which users with high-level perceptions of technostress are more likely to violate InfoSec policies. Counteraction strategies to mitigate technostress and security threats are also discussed.