The Behavioral Roots of Information Systems Security: Exploring Key Factors Related to Unethical IT Use

Unethical information technology (IT) use, related to activities such as hacking, software piracy, phishing, and spoofing, has become a major security concern for individuals, organizations, and society in terms of the threat to information systems (IS) security. While there is a growing body of work on this phenomenon, we notice several gaps, limitations, and inconsistencies in the literature. In order to further understand this complex phenomenon and reconcile past findings, we conduct an exploratory study to uncover the nomological network of key constructs salient to this phenomenon, and the nature of their interrelationships. Using a scenario-based study of young adult participants, and both linear and nonlinear analyses, we uncover key nuances of this phenomenon of unethical IT use. We find that unethical IT use is a complex phenomenon, often characterized by nonlinear and idiosyncratic relationships between the constructs that capture it. Overall, ethical beliefs held by the individuals, along with economic, social, and technological considerations are found to be relevant to this phenomenon. In terms of practical implications, these results suggest that multiple interventions at various levels may be required to combat this growing threat to IS security.