Computers and Security, Volume 99, December 2020,
With regard to computer abuse, the term "malicious insider" tends to be associated with male employees, likely because men commit more crimes relative to women. We draw on the chivalry hypothesis to inform our study and explore whether managers demonstrate gender bias in decision-making regarding insider threats posed by subordinate employees. We recruited managers as participants in our study and randomly assigned them to an "employee gender" condition, wherein half the participants read a scenario with a female offender and half the participants read a scenario with a male offender. The scenarios were identical with the exception of the gender pronouns, and participants were asked to evaluate the intent and harm posed by the employee. Our results suggest that managers’ perceptions of malicious intent are systematically different according to the gender of the subordinate employee; specifically, managers characterize security misbehavior by males as significantly more malicious relative to that by females. These findings suggest that gender biases play a role in how managers perceive employee security behavior. This study extends current research on the chivalry hypothesis by linking gendered criminal and computer stereotypes to bias in evaluating information systems security threats.