ABSTRACT Using personal mobile phones for work-related purposes is an increasingly common trend in organisations yet adding to cyber security concerns. It is vital to identify employees’ characteristics that impact security noncompliance behaviours when using mobile phones at work, as it could open a channel for cyber-attacks in the enterprise's IT systems. Using the unique context of personal smartphones and building on the theoretical framework of the Dual-Concern Model, this study identifies key characteristics of employees’ intention to engage in security noncompliance activities. Through a scenario-based survey of 391 mobile phone users in the United States, we examined the impact of personal characteristics (specifically conflict management style, context-specific anxiety, and technological skills) in explaining people’s intention to demonstrate security noncompliance behaviours. Younger individuals, those with higher conflict approach tendencies, and those with online communication apprehension tend to show higher noncompliance with information system security policies. Also, technical skills were found to moderate the association of online communication apprehension with increased noncompliance with security policies. The findings offer a range of theoretical implications and practical insights for strengthening organisations’ cyber security.
Read full abstract