PACIS 2020 Proceedings


Resilient employees thrive in challenging situations and adapt well to changing environmental demands. Founded in theories of positive psychology, the concept of resilience has never been adapted to the information security context. We are the first to develop and test a security-specific resilience construct. We contribute to the existing literature on information security behavior by analyzing its relationship with egoresilience and proposing digital security resilience as a mediator. Results of a first empirical study (n=137) show that employees with high digital security resilience perform significantly better in securing and updating devices, generating passwords, and demonstrating a proactive awareness. Ego-resilience only impacts security behavior when mediated by digital security resilience. Our findings underline the importance of taking a differentiated look at resilience in information security and incorporating resilience training in organizations. Theoretical and managerial implications are discussed and future work is suggested.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.