Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity

The protection of organizational information and information systems (IS) is a socio-technical issue and requires insiders take on a more proactive set of security roles. Accordingly, we contend that insiders’ abilities to enact these diverse information security roles can be explained by behavioral complexity theory. Adapted to the security context, behavioral complexity theory stipulates that insider’s ability to take appropriate precautions against organizational security threats is explained by their (1) repertoire of security roles and associated behaviors (i.e., security behavioral repertoire) and their (2) ability to switch from role to role (i.e., security behavioral differentiation). However, beyond behavioral complexity, protecting against complex security-related threats in the workplace requires significant psychological resources of insiders. Thus, to examine the influence of behavioral complexity on insiders’ protection motivation, we develop and examine an extended model of behavioral complexity including insiders’ workplace resilience—a significant work-related psychological resource Our results fully support the extended security behavioral complexity model’s role in driving an insider’s protection motivation.