Fear of Missing Out Predicts Employee Information Security Awareness Above Personality Traits,Age,and Gender

Abstract

The role of human factors in employee information security awareness (ISA) has garnered increased attention, with many researchers highlighting a potential link between problematic technology use and poorer online safety and security. This study aimed to present additional evidence for this by exploring the relationship between of Fear of Missing Out (FoMO) and ISA in employees. A total of 718 participants completed an online questionnaire that included a measure of FoMO, ISA, as well as the Big Five personality inventory. Participants who reported higher levels of FoMO had lower overall ISA, as well as having poorer knowledge, a more negative attitude, and engaged in riskier behaviors in relation to ISA. FoMO was also demonstrated to be the largest single negative predictor for ISA, above that of age, gender, and the key personality traits tested. The potential reasons for the influence of FoMO over ISA are discussed, as well as the implications for organizational information security.

Introduction

In the context of organizational cybersecurity the human component has often been viewed critically, often being referred to as the “weakest link.”^1–4 However, there has been a growing appreciation that employees may provide the best defense against compromising cyberattacks so long as they are properly motivated and trained.^1,5,6 Improving the information security awareness (ISA) of employees within any organization is critical to protecting the organization from a variety of threats, including loss of sensitive data and direct attacks on the system.⁷ To develop more effective and engaging training, a better understanding of the individuating factors that may lead employees to take fewer risks with their online safety and security is of critical importance. One concept that has been previously linked to increased risk taking and increased vulnerability online is that of Fear of Missing Out (FoMO).^8,9 In brief, FoMO relates to a pervasive anxiety that is acerbated when an individual feels that they are missing out on rewarding social experiences because they cannot get online.¹⁰ In the context of this study it is suggested that this could drive an individual to take more risks with their online safety and security, ignoring accepted ISA rules and protocols. This study also considers the role of age, gender, and personality traits (which have been shown to present predictive value) alongside FoMO on ISA, with the aim of taking this topic one step further.

Human factors and ISA

The concept of ISA has two essential components: the first relates to the level of knowledge the individual employee has about acceptable use of IT and associated security policy.¹¹ The second aspect is the extent to which the individual is committed to these principles and how well their behavior aligns with the current guidance.¹¹ It is the latter aspect of ISA that lends itself to being explored in terms of individual differences as it is these that may directly influence the uptake of accepted practices and behaviors related to such.

Previous research exploring the role of human factors in the context of ISA has tended to focus on generic personality traits and risk-taking behaviors.¹² A growing body of work that has begun to focus directly on factors associated with artifacts linked to modern daily life and the growth in the use of digital technology. For example, both Internet addiction and cyberloafing have been demonstrated to have a significant impact on employee ISA¹³; those individuals who experienced higher levels of Internet addiction, and who engaged in more extreme forms of cyberloafing (watching online pornography or updating personal websites during work time) were more likely to have poorer ISA. These findings suggest that individuals who have problematic attachment to the Internet and associated platforms (e.g., social media, online gaming, and online gambling), to stay online, they take more risks with not only their own cybersecurity, but also that of the organization that they work for.

FoMO has been previously conceptualized as an ostensibly socially driven phenomenon, with individuals displaying an increased propensity to seek more rewarding social experiences online.¹⁴ It has also been suggested that this drive to seek out rewards through online interactions may in turn mean that individuals with higher levels of FoMO are less risk averse.^8,14 Indeed, many studies have noted a link between high levels of FoMO and a propensity to disclose more personal information online, which increases potential online vulnerability of those with high FoMO.^8,15,16 Other studies have noted that among adolescents, higher levels of FoMO served as a significant predictor for online risk taking, including sharing intimate images, sharing passwords, and befriending strangers on social media platforms.⁹ FoMO has also been associated with a possible state of addiction, particularly in the context of social media use,¹⁷ as well as problematic smartphone use,¹⁸ and distracted learning.¹⁰ Apart from that, the concept of “self-regulation limbo”^8,10—a process leading to individuals spending an increased amount of time online to engage in an affirmation of their self-identity as well and enhancing their self-esteem, has been previously linked to FoMO. The patterns of psychological needs and motivation described earlier could lead to individuals oversharing their personal information,⁸ which may in turn be linked to a disregard for sensitive company data.

Aims and objectives

This research aimed to further explore the link between FoMO and ISA. FoMO has been associated with a number of antecedents that could preclude an individual to have poorer ISA. These factors include increased risk taking, problematic use of the Internet (related to social media use), and a propensity for oversharing information. All these facets of FoMO have the potential to decrease ISA in the individual as they attempt to overcome the anxiety related to being disconnected from the Internet and social media platforms. It is assumed that an individual who experiences higher levels of FoMO would be more likely to ignore information security advice to get online, therefore leading to poorer ISA. In the context of this article, it is hypothesized that those individuals who experience higher levels of FoMO would have poorer ISA; therefore, FoMO will act as a significant predictor for ISA.

Methods

Participants

In total, 718 participants aged between 18 and 64 years (M = 38.87; SD = 12.45) were recruited to take part in this study through Qualtrics Participants Panels, and completed an online questionnaire. Participants were paid a small honorarium for taking part in the study (£4.50). The sample consisted of 49 percent male participants, with 97 percent stating that they were working full-time, and 3 percent part-time. Participants also used computer-based technology for at least one and three-quarter hours of their working day and had either formal or informal knowledge of rules governing IT use in the workplace.

Materials

The following self-report measures were used in this study.

The Human Aspects of Information Security Awareness Scale

As a measure of ISA, this study used the Human Aspects of Information Security Questionnaire (HAIS-Q).^11,19 All of the questions in this section were answered on a 5-point Likert-type scale (1 = strongly disagree; 5 = strongly agree). Cronbach's alphas for knowledge, attitude, and behavior (α_Knowledge = 0.91; α_Attitude = 0.94; α_Behavior = 0.93) were similar to previously reported values.¹¹ Possible scores for the subscales range from 21 to 105, with possible total scores for the HAIS-Q ranging from 63 to 315. Higher values indicate a more positive engagement with ISA.

FoMO scale

FoMO was assessed using the 10-item Fear of Missing Out scale (FoMOs¹⁰). Participants were asked to rate statements on missing out on important information and fears relating to friends having more rewarding experiences than themselves. Internal reliability was α = 0.91, in line with previous values.¹⁰ Higher scores indicate higher levels of FoMO.

Big Five Personality Inventory

The Big Five Personality Inventory (BFI), a 44-item inventory that measures an individual's personality, across five key dimensions (extraversion, agreeableness, neuroticism, openness, and conscientiousness²⁰) was used to asses broader personality traits. Items were scored on a 5-point Likert scale (1 = strongly disagree; 5 = strongly agree). The stability of such personality traits in an adult population has been previously demonstrated.²¹ In the context of this study, the BFI was used to explore the relationships between individual personality constructs and ISA, and not as a conclusive measure of personality. Cronbach's alphas over >0.70 on all dimensions were found (α_Extraversion = 0.73; α_{Agreeableness} = 0.71; α_{Conscientiousness} = 0.77, α_Neuroticism = 0.77; α_Openness = 0.70).

Data analysis

All statistical tests were conducted using SPSS (version 25).

Results

Descriptive statistics for the key factors and Pearson's correlations are shown in Table 1, where n = 718. A significant positive correlation between scores on the HAIS-Q and age was noted (r = 0.380, p = 0.000), and resonates well with previous research demonstrating a link between ISA and age.^12,22 In terms of the personality traits, both agreeableness (r = 0.491, p < 0.001) and conscientiousness (r = 0.570, p < 0.001) had moderate positive correlations with scores on the HAIS-Q, again supporting previous research in this area.¹² Finally, FoMO was moderately negatively correlated with total scores on the HAIS-Q (r = −0.542, p < 0.001) as well as with each of the subscales related to ISA knowledge (r = −0.539, p < 0.001), attitude (r = −0.512, p < 0.001), and behavior (r = −0.521, p < 0.001).

Table 1.

Descriptive Statistics and Correlations for Key Variables

	1	2	3	4	5	6	7	8	9	10	11
1. Age	—
2. HAIS-Q total	0.380^**	—
3. HAIS-Q knowledge	0.353^**	0.961^**	—
4. HAIS-Q attitude	0.363^**	0.977^**	0.915^**	—
5. HAIS-Q behavior	0.386^**	0.960^**	0.871^**	0.913^**	—
6. Extraversion	−0.043	−0.050	−0.058	−0.053	−0.033	—
7. Agreeableness	0.207^**	0.491^**	0.487^**	0.469^**	0.468^**	0.215^**	—
8. Conscientiousness	0.320^**	0.570^**	0.565^**	0.537^**	0.553^**	0.156^**	0.628^**	—
9. Neuroticism	−0.308^**	−0.172^**	−0.175^**	−0.150^**	−0.175^**	−0.294^**	−0.319^**	−0.384^**	—	—	—
10. Openness	0.047	0.120^**	0.101^**	0.118^**	0.129^**	0.328^**	0.290^**	0.261^**	−0.137^**	—
11. FoMOs	−0.341^**	−0.542^**	−0.539^**	−0.512^**	−0.521^**	0.060	−0.305^**	−0.374^**	0.293^**	0.036	—
Score range (min–max)	18–64	169–315	48–105	48–105	50–105	9–39	14–45	13–45	8–39	15–45	13–53
Mean	38.86	241.99	79.67	82.06	80.25	24.92	32.24	32.83	23.14	33.70	27.28
SD	12.46	46.51	15.67	16.77	15.68	5.16	5.36	5.73	5.64	5.38	9.29

FoMOs, Fear of Missing Out scale; HAIS-Q, Human Aspects of Information Security Questionnaire; SD, standard deviation.

p < 0.01.

Independent samples t-test was conducted to examine gender differences in FoMO and total HAIS-Q scores. There was no significant difference between males (M = 26.90, SD = 9.82) and females (M = 27.66, SD = 8.76) for scores on the FoMOs [t(699.784) = −1.098, p > 0.05]. There was also no significant difference between males (M = 238.71, SD = 47.12) and females (M = 245.15, SD = 45.75) for total scores on the HAIS-Q [t (719) = −1.856, p > 0.05].

To determine if FoMO can predict participants' HAIS-Q scores, over and above general personality traits, a three-stage hierarchical multiple regression was conducted. In line with previous research, age and gender were entered at stage one of the regression to control for these variables.^12,22,23 Personality factors were entered in stage two, again aligned with previous research in this area.¹² Finally, FoMO was entered into the final stage of the model given the limited research evidence related to the impact of this factor on ISA. The Durbin–Watson statistic was 1.99, suggesting that independence of errors could be assumed, and values of tolerance suggested that multicollinearity was not a concern [variance inflation factor (VIF) average = 1.42, tolerance average = 0.73].

The results of the regression are displayed in Table 2. In the first stage, with age and gender as the key predictors, the model explained 19 percent of the variance in total HAIS-Q scores. In stage two, an additional 25 percent of variance in HAIS-Q scores was accounted for, with openness to experience failing to be a significant predictor (p > 0.05). In the final stage, FoMO accounted for an additional 9 percent of the total variance in HAIS-Q scores. In total, the key variables accounted 52 percent of the variance in scores on the HAIS-Q. Age, gender, agreeableness, conscientiousness, neuroticism, and FoMO were all significant predictors in the final model with FoMO being the most influential single predictor.

Table 2.

Hierarchical Regression Analysis

	Model 1				Model 2				Model 3
	B	SE B	β	T	B	SE B	β	t	B	SE B	β	t
Constant	164.73	6.20		26.55^**	46.453	16.10		2.88^**	103.45	15.67		6.60^**
Gender (female = 0)	21.11	3.33	0.227	6.33^**	9.64	2.9	0.10	3.28^**	0.71	0.12	0.19	6.16^**
Age	1.71	0.13	0.46	12.78^**	0.81	0.11	0.22	7.39^**	8.58	2.71	0.09	3.17^*
Extraversion					−1.13	0.28	−0.13	−3.98^**	−0.76	0.26	−0.08	−2.88^*
Agreeableness					2.04	0.33	0.24	6.23^**	1.64	0.30	0.19	5.40^**
Conscientiousness					3.11	0.314	0.38	9.93^**	2.54	0.29	0.31	8.66^**
Neuroticism					0.59	0.28	0.07	2.13^*	1.05	0.26	0.13	4.09^**
Openness					−0.02	0.27	−0.00	−0.07	0.34	0.25	0.04	1.34
FoMO									−1.70	0.15	−0.34	−11.31^**
R ²	0.190				0.434				0.521
Adj R²	0.188				0.429				0.516
F	83.83^**				77.92^**				96.372^**

p < 0.05; ^**p < 0.001.

FoMO, Fear of Missing Out.

Discussion

The aim of this study was to examine the relationship between FoMO and ISA. Given that previous research had highlighted links between the need to stay online, risk taking, and oversharing of information, it was hypothesized that higher levels of FoMO would be linked to increased risk taking and, therefore, poorer ISA in employees. The results of this study demonstrated that FoMO acted as the most influential single predictor for ISA when personality factors and key demographic variables were controlled for. The following section will seek to summarize the key findings of this study, while making some suggestions for further research.

FoMO and ISA

Overall, the results from this study demonstrate that those individuals who self-reported higher levels of FoMO are less engaged in ISA in the workplace. Specifically, they have poorer knowledge in regard to ISA, a more negative attitude toward it, and engage in behaviors that could jeopardize organizational information security. There are a number of potential reasons why FoMO enacts such an influence over ISA. Predominately, individuals who exhibit higher levels of FoMO could already be engaged in higher levels of risk taking with their own online safety and security.^8,14 If these individuals are already taking risks with their own online safety, it is assumed that this risk taking will extend to their place of work particularly. They may indeed engage in more risky online behaviors once in the workplace, a process that has been linked to the risk compensation hypothesis.^13,24 Such a process means that the individual will often be seen to take more risks with cybersecurity and information security in the workplace as they perceive such environments to be more protected by technological interventions (e.g., firewalls, antivirus software) compared with their home networks.¹³

The drive for the individual to stay online and remain connected to social media could in turn serve to make them override accepted policies and protocols related to organizational ISA. In a similar regard, FoMO has also been linked to individuals oversharing personal information online,⁸ which could also include aspects of sensitive company information, including passwords and usernames. Previous research has noted that other activities associated with a problematic attachment to digital technology also influence the way in which the individual approach their online safety and security within the workplace. For example, research has noted that those employees who scored more highly on a measure of problematic Internet use were also more likely to have poorer ISA.¹³ Poorer ISA was also linked to the frequency of an individual engaging in cyberloafing activities, which has also been shown to have an association with problematic attachments to digital technology and associated platforms, such as online gambling and gaming.^13,25 It would appear that any factor that serves to motivate an individual to stay online also has the capacity to override an individual's capacity to assess risk that is associated poor ISA. As FoMO was strongly correlated to each of the subscales of ISA, it would appear that this does not just impact on one aspect such as behavior, but has a global negative impact on knowledge and attitude to ISA as well.

The results related to personality factors and ISA corroborate previous research in this area, with conscientiousness and agreeableness being the most prominent and stable of the personality traits when it comes to predicting positive engagement with ISA.^12,22 There have been varied findings according to the impact age and gender has upon ISA, with some researchers suggesting no impact,¹² whereas others finding an impact for age and not gender.²³ This study also indicates that age and gender play a significant role as predictors for ISA, but there was no significant differences observed for HAIS-Q scores and gender. As there have been varied findings in this area, further research is suggested to explore potential differences in gender and ISA. In previous research, it has been suggested that younger populations are more frequently engaged in the use of digital technology, therefore increasing their potential susceptibility to cybercrime.²⁶ Aspects of impulse control have also been linked to risky online behaviors, which in turn could be linked to the age-related differences in ISA observed in this study.^27–29 The discrepancy in findings related to this factor would appear to suggest that more research also needs to be done to establish why age should impact directly on ISA, and if such a finding is robust.

Limitations and suggestions for future research

This study is not without its limitations, particularly in terms of the self-report nature of the measures used, especially as participants may want to present their ideal set of behaviors when it comes to ISA in the workplace.¹³ Even in instances where participants were assured that their responses could not be linked to them or their place of work, they may have been reticent to provide completely truthful responses. However, as other researchers have noted, the alternative approaches to providing an objective measure for ISA are also fraught with a similar set of issues, particularly as many ISA transgressions go unreported or undetected.^7,13 Indeed, previous researchers have argued against the notion that self-report studies are inferior,³⁰ and instead should be seen as valid tools for initial tests of hypotheses, as was the aim in this study.

Owing to correlational nature of this study, future research might also explore the relationship between FoMO and workplace information security in a longitudinal manner. It would be also advisable to experimentally manipulate FoMO in the laboratory and observe subsequent online behavior, as this would provide data for a causal inference. Disentangling what might drive the inconsistent results relating to age, gender, and ISA could also be of interest to future research.

Conclusion

As the role of human factors in online safety and security gathers more attention, it is hoped that a growing understanding of the potential predictors for good and bad practices can be amalgamated into a clearer framework. From this, researchers, security professionals, and those who have the arduous task of protecting individuals online can start to adapt practical interventions that will go some way to ameliorating online risk. This research has demonstrated that FoMO presents as an additional predictor of ISA, beyond that of demographic characteristics and personality traits. Exploring ways of reducing FoMO in individuals who show a higher propensity toward such behaviors may present one way of not only reducing individual anxiety, but also has the potential to reduce the possibility of information security breaches in the workplace.

Footnotes

Author Disclosure Statement

No competing financial interests exist.

Funding Information

Funding for this project was provided by De Monfort University's research incentivisation scheme.

References

Sasse

, Brostoff

, Weirich

. Transforming the weakest link a human/computer interaction approach to usable and effective security. BT Technology Journal, 2001; 19:122–131.

Boss

, Kirsch

, Angermeier

, et al. If someone is Watching, I'll do what I'm asked: mandatoriness, control, and information security. European Journal of Information Systems, 2009; 18:151–164.

Nurse

JRC

, Creese

, Goldsmith

, et al. Trustworthy and effective communication of cybersecurity risks: a review. Proceedings of 2011 1st Work Socio-Technical Aspects in Security and Trust (STAST 2011) 2011, Milan, Italy: IEEE, pp. 60–68.

Shropshire

, Warkentin

, Sharma

. Personality, attitudes, and intentions: predicting initial adoption of information security behavior. Computers & Security, 2015; 49:177–191.

Hadlington

. (2018) The “human factor” in cybersecurity. In Mcalaney

, Frumkin

, eds. Psychological and behavioral examinations in cyber security [Internet]. Hershey. PA: IGI Global, pp. 46–63.

Bada

, Sasse

, Nurse

JRC

. Cyber security awareness campaigns why do they fail to change behaviour?. ISSN, 2014:118–131.

Parsons

, McCormac

, Butavicius

, et al. Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers and Security, 2014; 42:165–176.

Buglass

, Binder

, Betts

, et al. Motivators of online vulnerability: the impact of social network site use and FOMO. Computers in Human Behavior, 2017; 66:248–255.

Popovac

, Hadlington

. Exploring the role of egocentrism and fear of missing out on online risk behaviours among adolescents in South Africa. International Journal of Adolescence and Youth, 2020; 25:276–291.

10.

Przybylski

, Murayama

, Dehaan

, et al. Motivational, emotional, and behavioral correlates of fear of missing out. Computers in Human Behavior, 2013; 29:1841–1848.

11.

Parsons

, Calic

, Pattinson

, et al. The human aspects of information security questionnaire (HAIS-Q): two further validation studies. Computers & Security, 2017; 66:40–51.

12.

McCormac

, Zwaans

, Parsons

, et al. Individual differences and information security awareness. Computers in Human Behavior, 2017; 69:151–156.

13.

Hadlington

, Parsons

. Can Cyberloafing and Internet addiction affect organizational information security?. Cyberpsychology, Behavior and Social Networking, 2017; 20:567–571.

14.

Riordan

, Flett

JAM

, Hunter

, et al. Fear of missing out (FoMO): the relationship between FoMO, alcohol use, and alcohol-related consequences in college students. Annals of Neuroscience and Psychology, 2015; 2:7.

15.

Dredge

, Gleeson

, De

, et al. Presentation on Facebook and risk of cyberbullying victimisation. Computers in Human Behavior, 2014; 40:16–22.

16.

Trepte

, Reinecke

. The reciprocal effects of social network site use and the disposition for self-disclosure: a longitudinal study. Computers in Human Behavior, 2013; 29:1102–1112.

17.

Lai

, Altavilla

, Ronconi

, et al. Fear of missing out (FOMO) is associated with activation of the right middle temporal gyrus during inclusion social cue. Computers in Human Behavior, 2016; 61:516–521.

18.

Elhai

, Levine

, Dvorak

, et al. Fear of missing out, need for touch, anxiety and depression are related to problematic smartphone use. Computers in Human Behavior, 2016; 63:509–516.

19.

McCormac

, Parsons

, Zwaans

, et al. (2016) Test-retest reliability and internal consistency of the Human Aspects of Information Security Questionnaire (HAIS-Q). Australian Conference on Information Systems. Wollongong, pp. 1–10.

20.

John

, Srivastava

. Big Five Inventory (Bfi). Handbook of Personality Theory and Research, 1999; 2:102–138.

21.

Cobb-Clark

, Schurer

. The stability of big-five personality traits. Economic Letters, 2012; 115:11–15.

22.

Parsons

, Butavicius

, Lillie

, et al. (2018) Which individual, cultural, organisational and interventional factors explain phishing resilience? In Furnell SM, Clarke N, eds. Proceedings of the 12th International Symposium on Human Aspects of Information Security and Assurance. Plymouth, UK: University of Plymouth, pp. 1–10.

23.

Pattinson

, Butavicius

, Parsons

, et al. (2015) Factors that influence information security behavior: An Australian web-based study. In: International Conference on Human Aspects of Information Security, Privacy, and Trust, Cham, Switzerland: Springer, pp. 231–224.

24.

Hoyes

, Dorn

, Desmond

, et al. Risk homeostasis theory, utility and accident loss in a simulated driving task. Safety Science, 1996; 22:49–62.

25.

Blanchard

, Henle

. Correlates of different forms of cyberloafing: the role of norms and external locus of control. Computers in Human Behavior, 2008; 24:1067–1084.

26.

Bidgoli

, Knijnenburg

, Grossklags

. When cybercrimes strike undergraduates. eCrime Res Summit, eCrime, 2016; 2016:42–51.

27.

Lee

, Choi

J-S

, Shin

Y-C

, et al. Impulsivity in Internet addiction: a comparison with pathological gambling. Cyberpsychology, Behavior and Social Networking, 2012; 15:373–377.

28.

Galvan

, Hare

, Voss

, et al. Risk-taking and the adolescent brain: who is at risk?. Developmental Science, 2007; 10:8–15.

29.

Hadlington

. Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 2017; 3:e00346.

30.

Spector

. Using Self-Report Questionnaires in OB research: a comment on the use of a controversial method. Journal of Organizational Behavior, 1994; 15:385–392.