Influences of moral character on insider deviant behavior in information security

Abstract

Insider threats has been a major challenge for organizations. Leaking sensitive information by insiders has become rampant in recent times and presents an important issue for both private and public organizations. Though prior research has indicated that the human is the weakest link in information security and has found that insiders are threats to leaking information, there is paucity of study on the characteristics of the insider that influences information leak behavior. This master’s thesis contributes to filling this important gap. Drawing on moral development and deterrence theories, this study examines the influence of an insider’s moral character on the insider’s ethical awareness on deterrence and views on leaking sensitive information. Results show that out of the four dimensions of moral character, only justice and utilitarianism dimensions directly influence an insider’s view on leaking sensitive information. However, only the justice dimension influences the insider’s ethical awareness on deterrence. Taken together, the results show that an individual with high ethical views on justice is more likely to heed to deterrence polices; however, such individual is highly likely to leak information when heeding to deterrence policies contradicts his/her ethical views on justice. Also, contrary to the notion that personal interest (i.e., egoism) is a fundamental determinant of an insider’s view on leaking information, this study shows that an individual’s view of public interest is a stronger determinant of his/her view on leaking infor-mation. The several implications for research and practice deduced from the results are discussed. This research contributes generally to research on infor-mation systems security and specifically to the importance of moral development theory and deterrence theory in explaining insider information leak behavior.