Cybersecurity is an ever-present problem for organizations, but organizational science has barely begun to enter the arena of cybersecurity research. As a result, the “human factor” in cybersecurity research is much less studied than its technological counterpart. The current manuscript serves as an introduction and invitation to cybersecurity research by organizational scientists. We define cybersecurity, provide definitions of key cybersecurity constructs relevant to employee behavior, illuminate the unique opportunities available to organizational scientists in the cybersecurity arena (e.g., publication venues that reach new audiences, novel sources of external funding), and provide overall conceptual frameworks of the antecedents of employees’ cybersecurity behavior. In so doing, we emphasize both end-users of cybersecurity in organizations and employees focused specifically on cybersecurity work. We provide an expansive agenda for future organizational science research on cybersecurity—and we describe the benefits such research can provide not only to cybersecurity but also to basic research in organizational science itself. We end by providing a list of potential objections to the proposed research along with our responses to these objections. It is our hope that the current manuscript will catalyze research at the interface of organizational science and cybersecurity.

网络安全对于组织来说是一个始终存在的问题，但组织科学才刚刚开始进入网络安全研究领域。因此，网络安全研究中“人为因素”的研究远少于技术领域的研究。当前的手稿是组织科学家对网络安全研究的介绍和邀请。我们定义网络安全，提供与员工行为相关的关键网络安全结构的定义，阐明组织科学家在网络安全领域可获得的独特机会（例如，接触新受众的出版场所、外部资金的新来源），并提供总体概念框架员工网络安全行为的前因。在此过程中，我们强调组织中网络安全的最终用户和专门从事网络安全工作的员工。我们为未来网络安全的组织科学研究提供了一个广泛的议程，并且我们描述了此类研究不仅可以为网络安全而且可以为组织科学本身的基础研究提供的好处。最后，我们提供了对拟议研究的潜在反对意见的列表以及我们对这些反对意见的回应。我们希望当前的手稿能够促进组织科学和网络安全交叉领域的研究。