Examining the Neural Basis of Information Security Policy Violations: A Noninvasive Brain Stimulation Approach

In stock

Publication History

Received: September 17, 2018
Revised: May 15, 2019; January 31, 2020; May 21, 2020; June 26, 2020; August 18, 2020; September 29, 2020
Accepted: October 15, 2020
Published online: October 14, 2021


Downloadable File
Non-malicious information security policy (ISP) violations can cause organizations significant harm. In this paper, we aim to extend the understanding of why employees engage in such acts. A large body of ISP violation research has been based on the tenet that people violate ISPs to obtain personal benefit as explained by rational choice and expectancy theories, but this assumption has only been weakly tested, using mostly correlational approaches. Our objective is to improve the causal basis for this argument by using a noninvasive brain stimulation (NIBS) technique, which actually modulates brain activity in regions of the brain that process value/gain assessments. Therefore, it can substantially increase the claim of causality: that potential rewards lead to ISP violations. To do so, we build on expectancy theory and neuroscience knowledge to theorize why reducing the excitability of neurons in the left dorsolateral prefrontal cortex (L DLPFC) can lower the endorsement of ISP violations. We test this idea in four experiments in which we use a NIBS technique called high-definition direct current stimulation (HD-tDCS). Our findings support the assertion that the L DLPFC is likely involved in the expectancy theory of ISP violations, and that endorsing such violations can be experimentally adjusted with NIBS techniques. These findings extend the understanding of cybersecurity behaviors, improve the causal support for the common assumption made by rational choice theory studies that ISP violations are motivated through perceived benefits, point to the need to consider the L DLPFC in research on positively valenced (or attractive) technology-mediated actions, and pave the way for future use of brain stimulation techniques in information systems research.
Additional Details
Author Ofir Turel, Qinghua He, and Yatong Wen
Year 2021
Volume 45
Issue 4
Keywords Information systems security, cybersecurity, transcranial direct current stimulation, neuroIS, decision making, expectancy theory, IS policy violations, noninvasive brain stimulation
Page Numbers 1715-1744; DOI: 10.25300/MISQ/2021/15717
Copyright © 2023 MISQ. All rights reserved.