Date of Award

Spring 5-2020

Document Type


Degree Name

Doctor of Business Administration (DBA)


Computer Information Systems

First Advisor

Thomas F. Stafford


Todays’ organizations need to be ensured that their critical information is secure, not leaked, and inadvertently modified. Despite the awareness of organizations and their investment in implementing an information security management plan, information security breaches still cause financial and reputational costs for organizations. A recent report of the Ponemon Institute for 2019 showed that the global cost and frequency of data breach increased, and negligent insiders are the root cause of most incidents. Many insider threats to cybersecurity are not malicious but are intentional. Specifically, more than 60 percent of reported incidents in 2019 were due to negligent or inadvertent employees or contractors (Ponemon Institute 2020). Many behavioral cybersecurity research projects investigate factors that influence mitigating information security violations, but still, there is a need to have a better understanding of behavioral factors. One of these factors is the perception of being overseen by onlookers who are organization members to whom one’s security policy violations are visible, but who are not directly involved in the behavior.

This study examines the onlooker effect through the lens of Sociometer Theory and Affective Events Theory, which were used to investigate the impact of the perception of being overseen in a workplace on an intention to violate information security policies. In addition, this study tests the hypothesis that individuals under this situation experience different negative affective responses. Finally, this research tests the hypothesis that perceived onlooker threat intensifies these relationships by examining its moderating influence.

An experimental vignette study was conducted with the Qualtrics platform with the currently employed population who are aware of information security policies in their organizations to determine responses to treatment conditions. The results suggested that the interaction of the perceived presence of onlookers and perceived onlooker threat results in experiencing negative affective responses such as shame, guilt, fear, and embarrassment. Moreover, the results showed that employees experiencing fear, guilt, or embarrassment are less intended to violate information security policies.

Overall, this research the understanding of the onlooker effect and the essential role of perceived onlooker threat. This study has substantial theoretical and practical implications for information security scholars and practitioners.

Included in

Business Commons