The rise of flexible work arrangements increases knowledge workers’ autonomy and organizations’ access to talent but exacerbates the cybersecurity threat landscape for organizations. A key tension exists between enabling work flexibility and maintaining robust cybersecurity. Despite the growing prevalence of flexible work, cybersecurity research has largely overlooked its multifaceted nature, particularly beyond the dimension of location. To explore the impact of flexible work arrangements on organizational cybersecurity, we conducted 21 expert interviews with (predominantly young) professionals and academics. Our findings highlight three key dimensions of flexible work — location, time, and device — each presenting unique cybersecurity vulnerabilities. We identify critical tensions between cybersecurity policies and work flexibility, indicating that overly rigid cybersecurity measures can lead to unintended consequences such as employee resistance and non-compliance. We propose an integrative cybersecurity framework that considers technological, human, and organizational factors in flexible work environments, facilitating the optimization of both organizational resilience and employee productivity. Our research highlights the need for adaptive cybersecurity strategies that address the realities of flexible work, enhancing both security and overall value creation. It provides a more holistic understanding of cybersecurity in modern work environments and offers practical guidance for managers.
Baltuttis et al. (Thu,) studied this question.