Organizations have significant financial losses every year due to insider threats. These are caused by employees’ malicious or accidentally weak information security (infosec) behavior, such as poor password security practices. Previous research has examined employees’ insecure behaviors from many perspectives. However, individual factors such as employees’ mental health have only been briefly considered in the infosec context. Depression and anxiety are very common within the global population, with a range of symptoms and severity of symptoms that could potentially affect an employee’s infosec behavior. With little research in this area, it is important to understand the impact of these factors through empirical examination. A mixed-method study aims to examine depression and anxiety in the infosec context using psychological evaluation tools and interviews. The results will have important implications for research and practice, and especially for professionals who create and develop methods to improve infosec behavior within the organizational context.