Means of information security, such as security policies or security education, training, and awareness programs, are suggested to enhance employees’ information security behavior. We posit that at the same time, exactly those security measures may have a negative effect, if employees perceive them, for instance, as difficult to understand, time-consuming, or an invasion of their privacy. However, focusing on pure technostress, information systems (IS) research so far has neglected stress induced by means of information security, although, there is first insight on the relevance of security-related stress for IS management. Therefore, in this research-in-progress, we employ the person-environment (PE) fit model to build on as well as expand the existing IS stress literature. We thereby develop a first comprehensive framework of security-related stress, which considers non-technological aspects of security-related stress of employees’ work, personal, and social environment. In doing so, we propose a multidimensional second-order construct and conceptualize how security-related stress affects employees’ productivity directly and indirectly by promoting their perceived level of technostress. The results of our study should help IS management to anticipate and consider the downfalls of information security requirements when formulating companies’ information security measurements, and thus limit the “dark side” of information security.
Ament, Clara and Haag, Steffi, "SECURITY-RELATED STRESS – A NEGLECTED CONSTRUCT IN INFORMATION SYSTEMS STRESS LITERATURE" (2016). Research-in-Progress Papers. 74.