
The Looming Cybersecurity Crisis and What It Means for the Practice of Industrial and Organizational Psychology

  • Rachel C. Dreibelbis (a1), Jaclyn Martin (a1), Michael D. Coovert (a1) and David W. Dorsey (a2)

Abstract

The persistently changing landscape of cyberspace and cybersecurity has led to a call for organizations’ increased attention toward securing information and systems. Rapid change in the cyber environment puts it on a scale unlike any other performance environment typically of interest to industrial and organizational (I-O) psychologists and related disciplines. In this article, we reflect on the idea of keeping pace with cyber, with a particular focus on the role of practicing I-O psychologists in assisting individuals, teams, and organizations. We focus on the unique roles of I-O psychologists in relation to the cyber realm and discuss the ways in which they can contribute to organizational cybersecurity efforts. As highlighted throughout this article, we assert that the mounting threats within cyberspace amount to a “looming crisis.” Thus, we view assisting organizations and their employees with becoming resilient and adaptive to cyber threats as an imperative, and practicing I-O psychologists should be at the forefront of these efforts.

Corresponding author

Correspondence concerning this article should be addressed to Rachel Dreibelbis, University of South Florida, 4202 E. Fowler Ave., Tampa, FL 33620. E-mail: rdreibelbis@mail.usf.edu

Footnotes

All statements expressed in this article are those of the authors and do not reflect the official opinions or policies of the United States government.

Industrial and Organizational Psychology
  • ISSN: 1754-9426
  • EISSN: 1754-9434