Yan, Rang (2019-10). Cybersecurity Behavior in Organizations: A Literature Review. Master's Thesis.

abstract

  • Cybersecurity has drawn special attention from organizations in the 21st century because of the prevalent use of technology at work. Organizations of all sizes are dependent on computers for storage, management, and transmission of confidential information, and any cybersecurity breach can lead to reputational damage and financial losses for organizations. Consequently, the ubiquitous use of technologies at work leads to a call for attention to cybersecurity. The achievement of cybersecurity goals depends on a number of factors, and although many researchers have examined the independent effects of certain factors on individuals' cybersecurity behavior, there is relatively little research that takes an interactional psychology perspective to examine how individual factors, organizational factors, and factors related to methods and measurement intersect to inform and/or facilitate cybersecurity behavior. Thus, the primary purpose of this thesis was to review the literature on cybersecurity behaviors at work through an intersection of the three areas of I-O (i.e., personnel, organizational, and methods and measurement). A detailed search in Google Scholar, PsycINFO, and ProQuest Dissertations and Theses using the keywords "cybersecurity behavior", "information security behavior", and "cyber-CWB" was conducted to retrieve relevant journal articles, book chapters, conference papers, and dissertations on cybersecurity. Specifically, this literature review synthesizes empirical research on (a) individual difference variables that predict cybersecurity behavior (e.g., personality traits, cognitive ability, and intention) and training to improve the knowledge, skills, and attitudes of employees, (b) organizational factors that affect cybersecurity behavior (e.g., leadership and organizational culture), (c) methods for assessing cybersecurity behavior (e.g., self-report questionnaire and simulation test), and (d) a discussion that integrates the three aforementioned areas.
The thesis concludes with a discussion of contributions to science and practice, limitations, future research directions, and recommendations, which provide a framework that organizations can implement to reduce the cybersecurity risks resulting from human factors.

publication date

  • October 2019