Applying Push-Pull-Mooring model to investigate non-malicious workarounds behavior

Abstract

More than half of the violations of information systems security policies are initiated by non-malicious activities of insiders. To investigate these non-malicious activities, we utilized the theory of workaround and argued that the application of neutralization techniques impacts the use of workarounds. We built our model using three theories: the theory of workaround, push pull-mooring theory, and techniques of neutralization. We identified the elements of workarounds related to non-malicious violations and proposed a theoretical perspective using the push-pull-mooring theory to investigate non-malicious workarounds empirically. We propose that non-malicious activities of insiders can be seen as a switching behavior, with push factors such as system dissatisfaction and time pressure, and pull factors such as convenience and alternative attractiveness. The mooring factors in our model are techniques of neutralization, including denial of injury, denial of responsibility, and defense of necessity. We employed the scenario-based factorial survey method to mitigate the effect of social desirability bias. Our mixed model analysis indicates that time pressure, convenience, denial of injury, and defense of necessity significantly impact an individual's likelihood of engaging in non-malicious workarounds. Additionally, the relative weight analysis of our model shows that convenience and time pressure explain most of the variance in our model.