To read this content please select one of the options below:

In their own words: employee attitudes towards information security

Debi Ashenden (School of Computing, University of Portsmouth, Portsmouth, UK)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 9 July 2018




The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research.


The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey.


The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought the that organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks.

Research limitations/implications

The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation.


The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.



The author would like to thank Prof Angela Sasse for comments on an early draft of this work. This research was partially funded by the Centre for Research and Evidence on Security Threats (ESRC award ES/N009614/1).


Ashenden, D. (2018), "In their own words: employee attitudes towards information security", Information and Computer Security, Vol. 26 No. 3, pp. 327-337.



Emerald Publishing Limited

Copyright © 2018, Emerald Publishing Limited

Related articles