Information security (InfoSec) has become an imperative for organizations that are facing increasing cyber-attacks. In Information Systems (IS) literature, it is well known the crucial role of employees' behavior to achieve and maintain InfoSec. However, research on risky InfoSec behavior primarily focused on individual-level studies that have not thus far considered group-level dynamics and social processes. This project aims to understand how the dynamics of collective deviance of InfoSec policies occur in the workplace. It will be conducted an interpretive qualitative study with real-life narratives. The data will be collected by interviewing members of deviant workgroups within organizations in Finland. This project aims to fill the voids on reasons behind non-compliance within workgroups. Also, it can help managers to deal with risky InfoSec behavior by developing group-oriented strategies to ensure cybersecurity while maintaining work performance.

2022

2025