Despite the growing concern about security breaches and risks emerging from Shadow IT usage, a type of information security violation committed by organizational insiders, this phenomenon has received little scholarly attention. By integrating the dual-factor theory, unified theory of acceptance and use of technology (UTAUT) and social control theory, this research aims to examine facilitating and deterring factors of Shadow IT usage intention.
An online survey was performed to obtain data. As this study aims at investigating the behavior of organizational insiders, LinkedIn, an employment-oriented network site, was chosen as the main site to reach the potential respondents.
The results show that while performance expectancy, effort expectancy and subjective norms considerably impact intention to use Shadow IT, personal norms and sanctions-related factors exert no influence. Besides, an organizational factor of ethical work climate is found to significantly increase individual perceptions of informal controls and formal controls.
This work is the first attempt to extend the generalizability of the dual-factor theory and UTAUT model, which primarily has been utilized in the context of system usage, to the new context of information security. This study is also one of few studies that simultaneously take both organizational and individual factors into consideration and identify its impacts on user's behaviors in the information security context.
