Security breaches of digital information represent a significant threat to the wellbeing of individuals, corporations, and governments in the digital era. Roughly 50% of breaches of information security result from the actions of individuals inside organizations (i.e., insider threat), and some evidence indicates that common deterrence programs may not lessen the insiders’ intention to violate information security. This had led researchers to investigate contextual and individual difference variables that influence the intention to violate information security policies. The current research builds upon previous studies and explores the relationship between individual differences in self-control and moral potency and the neural correlates of decision making in the context of information security. The behavioral data revealed that individuals were sensitive to the severity of a violation of information security, and that the measures of self-control and moral potency were reliable indicators of the underlying constructs. The ERP data provided a partial replication of previous research, revealing differences in neural activity for scenarios describing security violations relative to control stimuli over the occipital, medial and lateral frontal, and central regions of the scalp. Brain-behavior analyses showed that higher moral potency was associated with a decrease in neural activity, while higher self-control was associated with an increase in neural activity; and that moral potency and self-control tended to have independent influences on neural recruitment related to considering violations of information security. These findings lead to the suggestion that enhancing moral potency and self-control could represent independent pathways to guarding against insider threat.
Read full abstract