An Empirical Investigation of Decision Making in IT-Related Dilemmas: Impact of Positive and Negative Consequence Information

An Empirical Investigation of Decision Making in IT-Related Dilemmas: Impact of Positive and Negative Consequence Information

Chen Zhang (University of Memphis, Memphis, TN, USA), Judith C. Simon (University of Memphis, Memphis, TN, USA) and Euntae “Ted” Lee (University of Memphis, Memphis, TN, USA)
Copyright: © 2016 |Pages: 18
DOI: 10.4018/JOEUC.2016100105


Given the rising IT security and privacy concerns, organizations are increasing their spending to strengthen technical protections. However, the problem of individuals wanting to find ways to gain access to IT resources improperly remains. To gain a better understanding of individuals' intentions to behave unacceptably in IT-related situations with conflicting interests, an information focus approach is adopted and the effects of information regarding possible consequences on their intentions is empirically investigated through a vignette-based survey. The findings not only confirm the deterrent role of information about possible negative consequence in these situations but also reveal that such influence is greater in situations involving software products than in situations involving data and for individuals with a higher level of fundamental concern for the welfare of others. Furthermore, this study reveals how the influence of consequence information on the intention to perform an unacceptable behavior may be dependent on individual factors and situational factors.
Article Preview


Viruses, data breaches, software piracy, computer fraud and other illegal or unacceptable behaviors related to security and privacy of computers and information systems have been reported extensively by the popular press. These events and behaviors have caused great losses to individuals, organizations, and society. For example, software piracy has been on the rise in the past decade, causing companies billions of dollars in losses. Furthermore, a report by the Identity Theft Resource Center (ITRC 2014) indicated that the number of U.S. data breaches reached a record high of 783 in 2014, which increased by 27.5% from 2013. Primary causes of data breach incidents include hacking, data on the move, insider theft, accidental exposure, and subcontractor/third party. In particular, Lynn (2009) reported that 42 percent of the companies considered laid-off employees as the biggest threat to their data security. Due to the financial losses and reputational damage to organizations caused by various computer-related illegal or unacceptable behaviors, organizations have invested heavily in the implementation of various security measures such as security policies, security training, and security auditing to reduce or prevent these behaviors by their employees or external parties.

However, the effectiveness of these security measures not only depends on the supporting technologies but also relies on the behaviors of human agents such as individuals who access and use IT resources (Stanton, Stam, Mastrangelo, & Jolton, 2005). Therefore, a systematic understanding of individual behavior, especially individual decision making in situations involving conflicting interests, can help information security managers better assess security risks and more effectively design and implement security measures.

Many scholars have examined individuals’ ethical attitudes and unethical behaviors in various contexts (Singhapakdi, Vitell, & Kraft, 1996; Leonard, Cronan, & Kreie, 2004) and have identified a number of factors (e.g., individual characteristics, issue characteristics, organizational characteristics) that influence ethical judgment and decisions (O’Fallon & Butterfield, 2003). Although many empirical studies have confirmed that magnitude of consequences does influence how people judge behaviors that already took place and led to certain consequences, relatively fewer studies have investigated behavioral intentions in ethical dilemmas involving conflicting interests where the action in question has not occurred and the consequences of the action cannot be known in advance. We argue that in these situations whether information about possible consequences (positive and negative) is available to individuals influences their decision making process and behavioral intentions. The informational aspect of decision-making in such dilemmas has been under-investigated in the literature. To address this gap in the literature, this study focuses on the availability of information related to not only possible benefits but also possible harms that may result from an unethical action. In addition, given the unprecedented importance of understanding and preventing inappropriate behaviors in today’s IT-embedded environment, we conduct this study in the IT context by taking into consideration the different types of IT resources involved in these dilemmas. In particular, considering the increasing number of incidences involving inappropriate actions related to computer software and data, we focus on ethical dilemmas involving software and data.

The research questions that we pose in this study are: (1) how does information about potential outcomes influence the individual’s behavioral intention in ethical dilemmas involving conflicting interests? (2) Does the impact of information about potential outcomes differ in dilemmas involving data versus those involving software products? (3) Does the impact of information about potential outcomes differ among individuals with a different ethical ideology?

In the next section, we review the existing literature on individual decision-making in ethical dilemmas in general and IT-related ethical dilemmas, and then develop research hypotheses. Section III presents the details of our research methodology. We then summarize the empirical analysis and results in Section IV, and the post-hoc analysis results in Section V. We conclude by discussing contributions, limitations and future research.

Complete Article List

Search this Journal:
Open Access Articles
Volume 32: 2 Issues (2020)
Volume 31: 4 Issues (2019)
Volume 30: 4 Issues (2018)
Volume 29: 4 Issues (2017)
Volume 28: 4 Issues (2016)
Volume 27: 4 Issues (2015)
Volume 26: 4 Issues (2014)
Volume 25: 4 Issues (2013)
Volume 24: 4 Issues (2012)
Volume 23: 4 Issues (2011)
Volume 22: 4 Issues (2010)
Volume 21: 4 Issues (2009)
Volume 20: 4 Issues (2008)
Volume 19: 4 Issues (2007)
Volume 18: 4 Issues (2006)
Volume 17: 4 Issues (2005)
Volume 16: 4 Issues (2004)
Volume 15: 4 Issues (2003)
Volume 14: 4 Issues (2002)
Volume 13: 4 Issues (2001)
Volume 12: 4 Issues (2000)
Volume 11: 4 Issues (1999)
Volume 10: 4 Issues (1998)
Volume 9: 4 Issues (1997)
Volume 8: 4 Issues (1996)
Volume 7: 4 Issues (1995)
Volume 6: 4 Issues (1994)
Volume 5: 4 Issues (1993)
Volume 4: 4 Issues (1992)
Volume 3: 4 Issues (1991)
Volume 2: 4 Issues (1990)
Volume 1: 3 Issues (1989)
View Complete Journal Contents Listing