This article reports on a grounded theory investigation of subject response anomalies that were encountered in

the course of a neurocognitive laboratory study of computer user cybersecurity behaviors. Subsequent qualitative data collection led to theoretical development in specification of three broad constructs of computer user security complacency. Theoretical insights indicate that states of security complacency can arise in the form of a naïve lack of concern about the likelihood of facing security threats (inherent complacency), from ill-advised dependence upon specific computing platforms and protective workplace technology implementations for protection (platform complacency), as well as the reliance on the guidance on advice from trusted social others in personal and workplace networks (social complacency). Elements of an emergent theory of cybersecurity complacency arising from

our interpretive insights are discussed.