Data security breaches have been consistently identified in literature as significant, negative events. While most of the related research focuses on externally initiated breaches, far fewer studies provide clarity related to internally initiated breaches. The risk of internal breaches may be dramatically increased by shadow information technology (IT). Our study examines German and Italian financial executives’ decisions to engage in shadow IT in combination with two potential mitigation techniques (severity of sanctions in violation of IT policy and outcome effect related to breach risk). While Italian executives act as predicted, German executives engage in a different decision-making process whereby a self-service business culture brought on by perceived increased IT capabilities supersedes the level of cybersecurity awareness and a strong IT usage policy. Results also suggest an outcome effect favoring increased likelihood of breaches may lessen the likelihood of shadow IT usage. Our study adds an international component to existing data security breach and shadow IT research, while also contributing to the IT usage policy, neutralization theory, dynamic capabilities, outcome effect, and self-service literatures.

Shadow IT Behavior of Financial Executives in Germany and Italy as an Antecedent to Internal Data Security Breaches

Nicola Castellano;
2022-01-01

Abstract

Data security breaches have been consistently identified in literature as significant, negative events. While most of the related research focuses on externally initiated breaches, far fewer studies provide clarity related to internally initiated breaches. The risk of internal breaches may be dramatically increased by shadow information technology (IT). Our study examines German and Italian financial executives’ decisions to engage in shadow IT in combination with two potential mitigation techniques (severity of sanctions in violation of IT policy and outcome effect related to breach risk). While Italian executives act as predicted, German executives engage in a different decision-making process whereby a self-service business culture brought on by perceived increased IT capabilities supersedes the level of cybersecurity awareness and a strong IT usage policy. Results also suggest an outcome effect favoring increased likelihood of breaches may lessen the likelihood of shadow IT usage. Our study adds an international component to existing data security breach and shadow IT research, while also contributing to the IT usage policy, neutralization theory, dynamic capabilities, outcome effect, and self-service literatures.
2022
978-0-9981331-5-7
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/1118070
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact