Using a device for both private and
business purposes entails the risk that
personal information is disclosed to
the employer without the employee’s
consent and knowledge.
21 Privacy risk,
as defined by Featherman and Pavlou6
as the “potential loss of control over
this facet of risky behavior. Business
data, as well as personal data, is at
risk. The potential for corporate data
to be exposed to unauthorized third
parties also increases when individuals use their private devices for work
25 Information security is
one of the most important topics related to IT consumerization, as 90%
of all corporate data breaches fall into
34 lost and stolen devices, user-initiated crimeware, insider
misuse, and miscellaneous human
errors. To capture this facet of risky
behavior, we assume security risk, or
potential loss due to fraud or a hacker
compromising corporate information
16 contributes to overall perceived risk.
We thus hypothesize that perceived
risk negatively affects individuals’
decisions regarding use of privately
owned devices at work:
Hypothesis 2. The greater the perceived risk of using privately owned
devices for work purposes, the lower
an individual’s intention to participate in a BYOD program.
We also assume the perceived risk
associated with IT consumerization
influences behavioral intention indirectly by negatively affecting perceived
benefits. For instance, as a measure of
safeguarding IT security, firms usually adopt policies that allow them to
erase data when an employee’s device is lost or stolen. Such “loss of full
ownership” significantly affects the
perceived benefits of BYOD.
28 We thus
Hypothesis 3. The perceived risk of
using privately owned devices for work
purposes negatively affects an individual’s perception of benefit.
Cultural values. Research provides
evidence that millennials’ cultural
values influence their technology-use
30 However, it remains to be
demonstrated whether the proposed
NVM holds across the general popu-
lation of millennials who reflect a va-
riety of cultural values.
30 We propose
Following these insights, we hy-
pothesize that perceived benefits in-
fluence individuals’ consumerization
Hypothesis 1. The greater the perceived benefits of using privately
owned devices for work purposes, the
greater an individual’s intention to
participate in a BYOD program.
“Perceived risk” reflects negative
utility from a subjective perspective, a
concept introduced by Bauer2 as part
of his “Perceived Risk Theory,” which
assumes subjective risk perceptions
directly influence an individual’s intention to perform a certain action.
Perceived risk is defined by Cunningham4 as “the amount that would be
lost, or that which is at stake, if the
consequences of an act were not favorable, and the individual’s subjective feeling of certainty that the
consequences will be unfavorable.”
Featherman and Pavlou6 and Hoehle
9 found perceived risk plays a significant role in individuals’ IT-use behavior.
To reflect the perceived cost associated with using privately owned
devices, we define perceived risk as
the belief of individuals about the
potential negative outcomes caused
by using privately owned devices on
the job. The negative consequences
of such behaviors can be classified
into multiple types of loss, indicating that, as with perceived benefit,
perceived risk is a multidimensional
6, 16 Based on the arguments
discussed earlier regarding consumerization and its effects on corporate
IT, we hypothesize that using privately
owned devices for business purposes
encompasses three facets of risk: performance; privacy; and security.
Using privately owned devices for
work purposes generally shifts responsibility from the IT department
to the individual. For instance, the
individual is, at least psychologically,
accountable for “how well the [device]
will perform relative to expectations.”
The risk associated with using one’s
own devices on the job includes the
potential that the device the individual is responsible for is not sufficient
for its intended business purpose.
Performance risk thus reflects the potential for not being able to perform
business activities as expected.
to the corporate
a nightmare for
about IT security.