DOI:10.1145/ 3132745
weighs benefits against risks when it
Millennials entering the workforce ignore the comes to intention to use technology
in a business environment.
risks of using privately owned devices on the job. In 2013, we conducted an interna-
tional study involving 402 students in
BY HEIKO GEWALD, XUEQUN WANG, ANDY WEEGER, their final year of undergraduate study
MAHESH S. RAISINGHANI, GERALD GRANT, just before entering the workplace.
OTAVIO SANCHEZ, AND SIDDHI PITTAYACHAWAN We received feedback from students
at Neu-Ulm University of Applied Sci-
ences (Germany), Dongbei University
Millennials’
of Finance & Economics (China), Tex-
as Woman’s University (U.S.), Carleton
University (Canada), Fundação Getu-
Attitudes
lio Vargas (Brazil), and RMIT Univer-
sity (Australia). We found they share
a common set of values regardless of
Toward IT
nationality, including motivational
drivers that would alarm corporate IT
managers, if known. The individuals
Consumerization
in our sample value their own benefit
highly and dramatically neglect the
risks their actions might pose.
in the Workplace
The way we work, think, and behave
is heavily influenced by the Internet,
email, smartphones, and other tech-
nological innovations that have prolif-
erated over the past 20 to 30 years. The
generation of people born after 1980
is the first to grow up with information
everywhere, anytime24 and referred to
as digital natives, or, more commonly,
millennials.15
PEOPLE BORN AFTER 1980, often called “millennials” Many studies have sought to ana-
lyze them.20 For example, in their 2010
by demographic researchers, behave differently literature review, Ng et al.24 character-
from older generations in significant ways. They ized them as “want it all” and “want
are the first “digital natives,” the “always on it now.” It seems generally accepted
in research and practice alike that
generation” that expects to have information millennials are difficult to cope with
instantly and always available at its fingertips. Their
attitudes have been described by previous research key insights
in often unfavorable terms. And when they enter the ˽˽ Members of Generation Y (so-called
millennials) see the use of their privately
workplace, they pose a major challenge to managers owned devices for work as a necessity,
not an option.
from older generations, who, it has been shown,
˽˽ Millennials focus on their personal benefit,
typically follow a different set of values. generally ignoring the risks they may
introduce into corporate networks when
Our research investigates the attitudes of using their own devices and accounting for
millennials who have not yet entered the workforce risk only if it threatens them directly.
toward the use of information technology (IT) in ˽˽ When it comes to weighing risks
against benefits, such behavior is seen
terms of “IT consumerization.” Specifically, we want across developed economies, with no
significant cultural influence across an
to know how this significant part of the population international sample.
To partially close this gap, we con- tablets, and smartphones are used for ee (such as when responding to email
ducted our study on the motivational business tasks but also to software messages on weekends when techni-
factors that shape millennials’ inten- when online email services or cloud- cally not at work). Not only users, but
tion to use technology in the context storage solutions are used for busi- their employers as well, face notable
O C TO B E R 2 0 1 7 | VO L. 6 0 | N O. 1 0 | C OM M U N IC AT ION S OF T HE ACM 63
contributed articles
challenges from this trend. Anecdotal individualism/collectivism; masculin- privately owned devices on the job is
evidence indicates corporate IT de- ity/femininity; uncertainty avoidance; determined by the outcome of weigh-
partments are under pressure to give and long-term orientation. Other re- ing perceived benefits vs. perceived
in to user demands to be allowed to search found that national cultural risks/associated costs, as in Figure 1.
use privately owned IT for work pur- values strongly affect an individual’s Perceived benefits. Perceived ben-
poses. However, granting myriad dif- IT-adoption behavior.12,32 efits “include all benefits which the
ferent consumer devices access to the In order to understand how mil- customer perceives as having been
corporate network is a nightmare for lennials perceive benefits and risks received.”18 In the context of IT use,
anyone concerned about IT security. associated with IT consumerization they reflect the overall positive utility
Consumerization of IT seems to across different cultures, we identi- individuals expect when using a par-
be a key characteristic of millenni- fied uncertainty avoidance (UA) and ticular technology.12 Prior research
als, as their desire to be always on is individualism/collectivism (IC) as demonstrated that perceived benefits
not limited only to the workplace. In the most relevant dimensions. Power significantly affect behavioral inten-
the same vein, they are accustomed to distance, masculinity/femininity, and tion regarding the use of IT.16,19
always using state-of-the-art technol- long-term orientation are important We define perceived benefits as
ogy, something not every work envi- in the more general context of tech- individuals’ assessment of the func-
ronment is able to provide, especially nology adoption but less relevant in tional benefits they associate with us-
because the definition of “state of the understanding the effect of perceived ing a privately owned device for work
art” is subjective. risks and benefits in the context of our purposes. Building on the premises of
Our study focused on mobile de- study. technology acceptance and use mod-
vices as an exemplary technology to “Uncertainty avoidance” refers els,22,29,33 we propose that the benefits
explain millennials’ behavioral inten- to “the extent to which individuals of using a privately owned device for
tions when it comes to the use of tech- feel vulnerable to unpredictable and work purposes are related to the char-
nology. This area is of great concern unknown situations.”9 People with acteristics of the technology and the
to practitioners, including CIOs and strong UA values fear uncertainty. In functional advances it provides.29 We
senior IT managers.31 the context of work-related technol- thus assume perceived benefits as a
To understand the role of such con- ogy, they need the predictability often multidimensional construct compris-
tradictory factors in individual deci- provided by rules, policies, and struc- ing three facets of employment behav-
sion making, social psychology pro- ture in organizations that IT consum- ior: performance expectancy; effort
vides net-valence models (NVMs) that erization contradicts or dilutes. UA expectancy; and compatibility.
assume individuals intend to perform can thus help understand how mil- Employees may realize productiv-
an action only if the perceived benefits lennials perceive the risks associated ity gains when allowed to select de-
outweigh the associated costs.7,26 Prior with IT consumerization. vices on their own.14 Consequently,
research found NVMs help explain the “Individualism/collectivism” is performance expectancy reflects the
adoption of technology-related ser- one of the most widely studied cultur- extent individuals perceive that using
vices.17 Other prominent theories on al values in cross-cultural research,30 privately owned devices supports their
technology adoption (such as Unified referring to “an individual’s prefer- ability to perform better at work.33
Theory of Acceptance and Use of Tech- ence for a social framework where in- Moreover, devices selected by individ-
nology33) do not capture the risks asso- dividuals take care of themselves (in- ual employees are usually perceived as
ciated with technology use and is why dividualism), as opposed to how they easier to use and more intuitive than
we chose NVMs as our theoretical lens expect the group to take care of them those provided by an IT department.25
(see Figure 1). in exchange for their loyalty (collec- We thus define effort expectancy as
Cultural values and IT use behav- tivism).”9 Individuals with individual- the degree of ease an individual as-
ior. Millennials’ use of corporate IT istic values have a more complex and sociates with using a privately owned
involves multiple challenges for IT more frequently sampled private self. device as compared to using a device
executives worldwide. However, the Consequently, their own goals, be- provided by an IT department. Overall
literature suggests behavioral mod- liefs, and values are more salient. Con- benefit perceptions are also formed
els do not apply universally across all sidering technology use at work, they by an individual’s work style and as-
cultures.30 Research by Srite and Kara- are more concerned with the benefits sociated needs and values. To capture
hanna30 showed the significance of they might achieve than the disadvan- these influential factors, Moore and
factors determining technology use tages that could arise for others. IC is Benbasat22 proposed the construct
are notably dependent on espoused thus useful in understanding how mil- “compatibility” as the degree to which
cultural values, particularly those re- lennials perceive benefits associated using a privately owned device for
flecting national culture. National cul- with IT consumerization, especially work purposes fits the individual’s
ture refers to “the collective program- when there could be conflict between work style. Employees who agree to
ming of the mind that distinguishes themselves and their employers. be available for work responsibilities
the members of one group or category (such as to respond to email messag-
of people from another.”11 Hofstede Research Model es) after work hours are more likely to
and Bond10 proposed five dimensions Based on NVMs, it is assumed an in- see the use of their devices for busi-
of national culture: power distance; dividual’s behavioral intention to use ness purposes as beneficial.
Following these insights, we hy- Using a device for both private and
pothesize that perceived benefits in- business purposes entails the risk that
fluence individuals’ consumerization personal information is disclosed to
behavior: the employer without the employee’s
Hypothesis 1. The greater the per-
ceived benefits of using privately Granting myriad consent and knowledge.21 Privacy risk,
as defined by Featherman and Pavlou6
owned devices for work purposes, the
greater an individual’s intention to
different consumer as the “potential loss of control over
personal information,”6 encompasses
participate in a BYOD program. devices access this facet of risky behavior. Business
“Perceived risk” reflects negative
utility from a subjective perspective, a
to the corporate data, as well as personal data, is at
risk. The potential for corporate data
concept introduced by Bauer2 as part network is to be exposed to unauthorized third
of his “Perceived Risk Theory,” which
assumes subjective risk perceptions
a nightmare for parties also increases when individu-
als use their private devices for work
directly influence an individual’s in- anyone concerned purposes.25 Information security is
tention to perform a certain action.4
Perceived risk is defined by Cunning- about IT security. one of the most important topics re-
lated to IT consumerization, as 90%
ham4 as “the amount that would be of all corporate data breaches fall into
lost, or that which is at stake, if the four patterns:34 lost and stolen devic-
consequences of an act were not fa- es, user-initiated crimeware, insider
vorable, and the individual’s sub- misuse, and miscellaneous human
jective feeling of certainty that the errors. To capture this facet of risky
consequences will be unfavorable.” behavior, we assume security risk, or
Featherman and Pavlou6 and Hoehle potential loss due to fraud or a hacker
et al.9 found perceived risk plays a sig- compromising corporate information
nificant role in individuals’ IT-use be- security,16 contributes to overall per-
havior. ceived risk.
To reflect the perceived cost as- We thus hypothesize that perceived
sociated with using privately owned risk negatively affects individuals’
devices, we define perceived risk as decisions regarding use of privately
the belief of individuals about the owned devices at work:
potential negative outcomes caused Hypothesis 2. The greater the per-
by using privately owned devices on ceived risk of using privately owned
the job. The negative consequences devices for work purposes, the lower
of such behaviors can be classified an individual’s intention to partici-
into multiple types of loss, indicat- pate in a BYOD program.
ing that, as with perceived benefit, We also assume the perceived risk
perceived risk is a multidimensional associated with IT consumerization
construct.6,16 Based on the arguments influences behavioral intention indi-
discussed earlier regarding consum- rectly by negatively affecting perceived
erization and its effects on corporate benefits. For instance, as a measure of
IT, we hypothesize that using privately safeguarding IT security, firms usu-
owned devices for business purposes ally adopt policies that allow them to
encompasses three facets of risk: per- erase data when an employee’s de-
formance; privacy; and security. vice is lost or stolen. Such “loss of full
Using privately owned devices for ownership” significantly affects the
work purposes generally shifts re- perceived benefits of BYOD.28 We thus
sponsibility from the IT department propose:
to the individual. For instance, the Hypothesis 3. The perceived risk of
individual is, at least psychologically, using privately owned devices for work
accountable for “how well the [device] purposes negatively affects an individ-
will perform relative to expectations.”1 ual’s perception of benefit.
The risk associated with using one’s Cultural values. Research provides
own devices on the job includes the evidence that millennials’ cultural
potential that the device the individ- values influence their technology-use
ual is responsible for is not sufficient behavior.30 However, it remains to be
for its intended business purpose. demonstrated whether the proposed
Performance risk thus reflects the po- NVM holds across the general popu-
tential for not being able to perform lation of millennials who reflect a va-
business activities as expected. riety of cultural values.30 We propose
O C TO B E R 2 0 1 7 | VO L. 6 0 | N O. 1 0 | C OM M U N IC AT ION S OF T HE ACM 65
contributed articles
Uncertainty
Methodology
Avoidance Here, we discuss our data collection,
Performance Risk sample clustering, data analysis, and
results:
Perceived H4a Data collection. To test our re-
Privacy Risk
Risks
search model, we developed a ques-
H2 (–)
tionnaire with a set of measurement
Security Risk
items for each construct, and to
Behavioral
H3 (–)
Intention
safeguard measurement validity, we
adapted items from prior research, as
Performance Expectancy outlined in the online appendix (dl.
H1 (+)
acm.org/citation.cfm?doid=3132745
Effort Expectancy Perceived &picked=formats).
Benefits H4b
We distributed the questionnaire
among students in their final year of
Compatibility
Individualism/
undergraduate studies and with rel-
Collectivism evant work experience (most respon-
dents worked full time for at least six
months during their studies) using
an online survey tool. Our approach
is consistent with Vodanovich et al.35
that the explanatory power of the the- ing a privately owned device can indi- who suggested conducting surveys
oretical model depends on how dis- cate that individuals are more strongly with students to understand how
tinctively millennials espouse charac- concerned with their own needs than millennials (“digital natives” in their
teristic cultural values. with those of the collective, includ- terminology) use technology. We col-
Based on these arguments, we ex- ing their employers. We thus expect lected data from students with “tech-
pect to see distinctions in individu- individuals who espouse individual- nology-affine” majors—“information
alistic values and perceptions toward istic cultural values to more strongly systems,” “industrial engineering,”
uncertainty. Using their own devices value the benefits of using privately and “business administration”—in a
for work purposes enables millennials owned devices. Likewise, we assume number of universities worldwide. We
to express their sense of self and bet- individuals who experience less diffi- chose countries with different values
ter achieve their own goals and follow culty dealing with uncertainty to put of UA and IC, according to Hofstede.11
their own beliefs and values. Also, us- less emphasis on the potential risks After stripping out incomplete ques-
tionnaires, we received a total of 402 The formative measures of “per- and security risk contributed signifi-
valid responses. ceived benefits” were significant, at cantly only to the formative index of
Clustering for espoused cultural least at the .05 level, and path coeffi- the complete dataset. Although not
values. We conducted exploratory fac- cients were greater than .1, suggest- all facets of risky behavior contrib-
tor analysis, a statistical method used ing the chosen characteristics of each uted significantly, VIF was less than 2
to uncover the underlying structure category were relevant for the forma- within all three datasets, confirming
in a large set of variables, to test the tion of the construct (see Table 2). indicator validity. Consequently, low
“unidimensionality” of the measure- Moreover, the variance inflation factor redundancy of indicators’ informa-
ment items for IC and UA. It revealed (VIF) was less than 2, supporting our tion was confirmed.
three items measuring IC and two assumption for indicator validity. The results show performance
items measuring UA load with a high The formative measures of “per- risk contributed significantly to over-
coefficient on the factors they are in- ceived risks” revealed mixed results all risk perception in dataset B and
tended to measure (loadings > 0.79). regarding the risk facets’ contribu- C, while security risk contributed to
Using the factor scores of these items, tion to the formation of the formative overall risk perception in only the
we then conducted a K-means clus- index. We found privacy risk was not complete dataset C. Privacy risk did
tering. Cluster analysis revealed two relevant regardless of dataset used; not significantly contribute to per-
clusters (see Table 1) where the first performance risk was significant only ceived risk, regardless of dataset. And
cluster (referred to as A) encompassed in subset B and the complete dataset; performance expectancy, effort expec-
respondents with high IC scores (clus-
ter center 0.13) and low UA scores Table 2. Formative constructs measurements.
(cluster center −0.61), and the second
cluster (referred to as B) encompassed Construct Facet Cluster A Cluster B Complete Set C
O C TO B E R 2 0 1 7 | VO L. 6 0 | N O. 1 0 | C OM M U N IC AT ION S OF T HE ACM 67
contributed articles
O C TO B E R 2 0 1 7 | VO L. 6 0 | N O. 1 0 | C OM M U N IC AT ION S OF T HE ACM 69
Copyright of Communications of the ACM is the property of Association for Computing
Machinery and its content may not be copied or emailed to multiple sites or posted to a
listserv without the copyright holder's express written permission. However, users may print,
download, or email articles for individual use.