Non-Compliant Mobile Device Usage and Information Systems Security: A Bystander Theory Perspective

This study tested the context of employees using their devices for both work and personal use, and non-compliant device usage of a person potentially resulting in Information Systems (IS) security threat to personal as well as work data and/or the devices. Integrating bystander and protection motivation theory (PMT) perspectives this paper studies bystanders' responses to IS security threats and the extent to which a perceived security threat motivates individual intention to act, in the context of non-compliant mobile device usage behaviors. It tests the role of an individual's threat perceptions to protect their own IS security, and as a bystander, protecting their peers or the IS security of their organization. Data collected from 431 individuals support the hypotheses that security awareness predicts perceived severity and protection motivation. Evaluation apprehension and diffusion of responsibility inhibit bystander's intentions to act against non-compliant mobile device usage behaviors, while awareness facilitates it. Theoretical contributions and practical implications of the research are discussed.