Abstract
Organizations implement human resource management (HRM) practices to meet their strategic goals by means of influencing employee behavior. In today's digital age, employee cybersecurity behaviors have become critical. Cybercrimes are on the rise, creating organizational liabilities, and tarnishing the corporate image. Organizational insiders or employees are vulnerable to attacks by malicious actors such as hackers. How employees become vulnerable is a burgeoning area of scholarship. In cybersecurity research, there have been calls to study how best to reduce this vulnerability. Despite research on employee deviance, currently little research exists on why employee unintentional actions or deviations can arise that make employees (and thus the organizations) vulnerable to cyberattacks. To address this issue, this interdisciplinary and conceptual work draws from multiple areas: cybersecurity, strategic Human Resource Management, and social cognition. I develop a model that unravels multi-level factors that impact employee vulnerability to cyberattacks. The model proposes different mechanisms through which an HRM system and organizational climate for cybersecurity relate to employee vulnerability to cyberattacks. This work also unpacks the role of employee cognitive load and employee vigilance towards cyber threats in influencing employee vulnerability. The ideas developed in this work contribute to the academic discourses on cybersecurity and strategic HRM.