ABSTRACT
This study investigates the effects of self-efficacy on intentions toward information security policy compliance and behaviors in shadow information technology, with self-efficacy being divided into information technology self-efficacy and information security self-efficacy. An experiment was conducted and a total of 83 valid subjects were recruited in this study. Data were collected on the subjects’ behaviors during the experiment, and quantitative data were also collected using a posttest questionnaire. The findings indicated that ITSE and ISSE positively correlated with information security policy (ISP) compliance, suggesting that improving self-efficacy in either aspect will improve ISP compliance intention. However, ISP compliance did not correlate significantly with shadow IT usage, as subjects with high ISP compliance still used shadow IT. Therefore, there was a discrepancy between intention and actual behavior. In practical terms, organizations can use training and education to improve their employees’ self-efficacy in the technically challenging or unfamiliar aspects of IT and ISP compliance, improve their ISP compliance intention, and reduce the possibility of ISP violations, such as shadow IT usage.
Disclosure statement
No potential conflict of interest was reported by the author(s).