The Impact of Threatening Cybersecurity Situations on Employees: A Conceptualization of Security Perplexity Journal Article uri icon

Overview

abstract

  • As the cybersecurity landscape shifts toward more sophisticated, artificial intelligence–enabled, and unpredictable threats, employees are increasingly targeted as the primary entry points for breaches. Modern incidents, such as zero-day exploits and ransomware, often present employees with situations that are technically complex and ambiguous. We show that these situations are often perplexing for employees. Security perplexity is a tense cognitive state experienced by employees in threatening cybersecurity situations, arising from a conflict between perceived pressure to act and a simultaneous state of confusion and uncertainty about how to do so. Through rigorous construct development and multistage testing, we demonstrate that perplexity disrupts how employees cope with threats. Left unmanaged, this tension reaches a tipping point where employees move from proactive protection to maladaptive behaviors like avoidance or emotion coping. Cybersecurity managers must shift their focus from simple threat detection toward action-clarity to better support their teams. Organizations should prioritize employee coping by providing procedural walkthroughs to build confidence. Implementing a "pause-and-assess" principle with decision checklists helps employees manage ambiguity, reduces emotional escalation, and ensures a more resilient organizational response.

publication date

  • June 2, 2026

Date in CU Experts

  • June 4, 2026 3:12 AM

Full Author List

  • Lins S; Greulich M; Pienta DA; Thatcher JB; Sunyaev A

author count

  • 5

Other Profiles

International Standard Serial Number (ISSN)

  • 1047-7047

Electronic International Standard Serial Number (EISSN)

  • 1526-5536

Additional Document Info

number

  • isre.2023.0626