Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse
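Proposes a motive–control theory of insider computer abuse that distinguishes instrumental and expressive motives and internal and external controls. It finds that deterrence does not create motives but weakens existing ones, whereas financial benefits and psychological contract violations create motives, and self-control can diminish their influence.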
Reports indicate that employees are willing to share sensitive information under certain circumstances, and one-third to half of security breaches are tied to insiders. These statistics reveal that organizational security efforts, which most often rely on deterrence-based sanctions to address the insider threats to information security, are insufficient. Thus, insiders’ computer abuse (ICA)—unauthorized and deliberate misuse of organizational information resources by organizational insiders—remains a significant issue for industry. We present a motive–control theory of ICA that distinguishes among instrumental and expressive motives and internal and external controls. Specifically, we show that organizational deterrents (e.g., sanctions) do not create motives for ICA, but weaken existing motives (e.g., financial benefits). Conversely, financial benefits and psychological contract violations create motives to perform ICA, and insiders’ self-control diminishes the influence of these motives. The implications for practice are threefold: (1) organizations should make efforts to reduce psychological contract breach for employees by increasing the congruence between expectations and reality to reduce expressive motives for ICA; (2) organizations should seek to maintain personnel with adequate self-control to diminish the impact of harmful ICA motives should they arise; and (3) organizations should develop targeted sanctions for committing ICA to control the harmful influence of financial motives.