short-paper

Disgruntled yet Deft with IT: Employees who Pose Information Security Risk

Authors:

Dianna CichockiAuthors Info & Claims

SIGMIS-CPR '19: Proceedings of the 2019 on Computers and People Research Conference

Pages 122 - 124

https://doi.org/10.1145/3322385.3322419

Published: 12 June 2019 Publication History

Abstract

Malicious insiders are employees who intentionally harm organizational information systems and technology. It has been shown that these types of insiders tend to be disgruntled with work, often times as a result of termination. We identify an additional source of disgruntlement that is also associated with computer abuse: dissatisfaction with information technology resources and support, or IT dissatisfaction. Using a sample of 271 working adults, we demonstrate that employees with higher IT dissatisfaction are more likely to engage in computer abuse. Moreover, the relationship is significantly stronger among employees who consider themselves as technologically competent. Our findings are robust across models with and without control variables, and when using a residual measure of IT dissatisfaction derived from negative affect. We conclude that IT dissatisfaction is a promising construct for researchers and companies to explore further in relation to information security outcomes.

References

[1]

Henry, J. (August 21, 2018). These 5 Types of Insider Threats Could Lead to Costly Data Breaches. IBM Security Intelligence. Retrieved 3/1/2019 from https://securityintelligence.com/these-5-types-of-insider-threats-could-lead-to-costly-data-breaches/

[2]

Ponemon Institute. Cost of Insider Threats: Global. April, 2018.

[3]

Miller, S. The frequency and impact of insider collusion. Software Engineering Institute, Carnegie Mellon University. Retrieved March 1, 2019 from https://insights.sei.cmu.edu/insider-threat/2016/06/the-frequency-and-impact-of-insider-collusion.html

[4]

Willison, R. and Warkentin, M. 2013. Beyond Deterrence: An Expanded View of Employee Computer Abuse. MIS Quart, 37, 1 (2013), 1--20.

Digital Library

[5]

Chuvakin, A. (May 9, 2016). Our "Understanding Insider Threats" Paper Publishes. Retrieved 2/14/2019 from https://blogs.gartner.com/anton-chuvakin/2016/05/09/our-understanding-insider-threats-paper-publishes/

[6]

Randazzo, M.R., Keeney, M., Kowalski, E., Cappelli, D. and Moore, A. Insider Threat Study" Illicit Cyber Activity in the Banking and Finance Sector. CMU-SEI-2004_TR-021.

[7]

Straub, D. and Welke, R. 1998. Coping with systems risk: Security planning models for management decision making. MIS Quart, 22, 4 (1998), 441--469.

Digital Library

[8]

Compeau, D., and Higgins, C. 1995. Computer self-efficacy: Development of a measure and initial test. MIS Quart, 19 (1995), 189--2011.

Digital Library

[9]

Lowry, P., Posey, C., Bennett,R., and Roberts, T. 2015. Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organizational information security policies: An empirical study of the influence of counterfactual reasoning and organizational trust. Info Systems J, 25, (2015), 193--230.

Digital Library

[10]

Cammann, C., Fichman, M. Jenkins, D. & Kelsh, J. 1983. Assessing the attitudes and perceptions of organizational members. In S. Seashore, E. Lawler, P. Mirvis, & C. Cammann (Eds.), Assessing organizational change: A guide to methods, measures and practices (pp. 71--138). New York, NY: John Wiley.

[11]

Wang, W. and Zhang, Y. 2015. From IT satisfaction to job satisfaction: Understanding the role of user-technology fit. In Proceedings from The Pacific Asia Conference on Information Systems (June 2015), 154.

[12]

Herzberg,F., Mausner, B., and Snyderman, B. 1959. The motivation to work (2 ed). John Wiley: New York.

[13]

Herzberg, F. 1966. Work and the nature of man. World Publishing: Cleveland, OH, US.

[14]

Schriesheim, C. A., Powers, K. J., Scandura, T. A., Gardiner, C. C., & Lankau, M. J. 1993. Improving Construct Measurement in Management Research: Comments and a Quantitative Approach for Assessing the Theoretical Adequacy of Paper-and-Pencil and Survey-Type Instruments. Journal of Management (19), pp. 385--417.

[15]

Hinkin, T., & Tracey, J. 1999. An Analysis of Variance Approach to Content Validation. Organizational Research Methods (2), pp. 175--186.

[16]

Colquitt, J.A.; Baer, M.D.; Long, D.M.; and Halvorsen-Ganepola, M.D.K. 2014. Scale Indicators of Social Exchange Relationships: A Comparison of Relative Content Validity. Journal of Applied Psychology (99:4), pp. 599--618.

[17]

Podsakoff, P.,. MacKenzie,S.B., Lee, J-Y., and Podsakoff, N.P. 2003. Common method biases in behavioral research: A critical review of the literature and recommended remedies. J App Psych, 88, 5 (2003), 879--903.

[18]

Aiken, L.S., and West, S.G. 1991. Multiple regression: Testing and interpreting interactions. Sage Publications, Inc: Thousand Oaks, CA, US.

[19]

IBM Corp. 2016. IBM SPSS Statistics for Windows, Version 24.0. Armonk, NY: IBM Corp.

[20]

Judge. T., and Ilies R. 2004. Affect and job satisfaction: A study of their relationship at work and at home. J App Psych, 89, 4 (2004), 661--673.

[21]

Kark, K., Shaikh, A. and Brown, C. 2017. Technology budgets: From value preservation to value creation. Deloitte, CIO Insider (November 2017).

[22]

Statista. U.S. consumer business cyber security budget share 2017. Retrieved February 1, 2019, from https://www.statista.com/statistics/811116/us-consumer-business-cyber-security-budget-percentage/

Cited By

Dornheim PZarnekow R(2020)Factors Shaping Information Security Culture in an Internal IT DepartmentHCI International 2020 – Late Breaking Papers: Interaction, Knowledge and Social Media10.1007/978-3-030-60152-2_38(507-521)Online publication date: 27-Sep-2020
https://doi.org/10.1007/978-3-030-60152-2_38

Index Terms

Disgruntled yet Deft with IT: Employees who Pose Information Security Risk
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy

Recommendations

Job Satisfaction and Turnover Intentions during Technology Transition: The Role of User Involvement, Core Self-Evaluations, and Computer Self-Efficacy

Using data from 52 employees, this study investigated the relations among user involvement, core self-evaluations, computer self-efficacy, employee stress, job satisfaction, and intention to leave the organization during the implementation of a new ...
The Impact of Context on Employee Perceptions of Acceptable Non-Work Related Computing

Employees have access to a wide range of computer-related resources at work, and often these resources are used for non-work related personal activities. In this study, the authors address the relationship between employee's utilitarian ethical ...
Beyond deterrence: an expanded view of employee computer abuse

Recent academic investigations of computer security policy violations have largely focused on nonmalicious noncompliance due to poor training, low employee motivation, weak affective commitment, or individual oversight. Established theoretical ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGMIS-CPR '19: Proceedings of the 2019 on Computers and People Research Conference

June 2019

211 pages

ISBN:9781450360883

DOI:10.1145/3322385

Conference Chairs:
Damien Joseph
Nanyang Technological University, Singapore
,
Craig Van Slyke
Louisiana Tech University, USA
,
Program Chairs:
J.P. Allen
University of San Francisco, USA
,
Jeria Quesenberry
Carnegie Mellon University, USA
,
Manuel Wiesche
Technical University of Munich, Germany

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGMIS: ACM Special Interest Group on Management Information Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

SIGMIS-CPR '19

Sponsor:

SIGMIS

SIGMIS-CPR '19: 2019 Computers and People Research Conference

June 20 - 22, 2019

TN, Nashville, USA

Acceptance Rates

SIGMIS-CPR '19 Paper Acceptance Rate 20 of 30 submissions, 67%;

Overall Acceptance Rate 300 of 480 submissions, 63%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
119
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Dornheim PZarnekow R(2020)Factors Shaping Information Security Culture in an Internal IT DepartmentHCI International 2020 – Late Breaking Papers: Interaction, Knowledge and Social Media10.1007/978-3-030-60152-2_38(507-521)Online publication date: 27-Sep-2020
https://doi.org/10.1007/978-3-030-60152-2_38

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents