A4 Article in conference proceedings
The Collective Violation Talkshow : How do Workgroups Account for Cyberdeviance? (2023)

Labres Mallmann, G., & Soliman, W. (2023). The Collective Violation Talkshow : How do Workgroups Account for Cyberdeviance?. In SCIS 2023 : Proceedings of the 14th Scandinavian Conference on Information Systems (Article 9). Association for Information Systems. https://aisel.aisnet.org/scis2023/9/

JYU authors or editors

Publication details

All authors or editorsLabres Mallmann, Gabriela; Soliman, Wael

Parent publicationSCIS 2023 : Proceedings of the 14th Scandinavian Conference on Information Systems

Place and date of conferencePorvoo, Finland13.-16.8.2023


Publication year2023

Article number9

PublisherAssociation for Information Systems

Publication countryUnited States

Publication languageEnglish

Persistent website addresshttps://aisel.aisnet.org/scis2023/9/

Publication open accessOpenly available

Publication channel open accessOpen Access channel

Publication is parallel published (JYX)https://jyx.jyu.fi/handle/123456789/89262


Cyberdeviance within workgroups is one of the most challenging cybersecurity problems facing modern organizations. Cyberdeviance is an intentional form of security policy violation, reflecting the outcome of a justification process deeming the violation acceptable for the violator. The collective nature of cyberdeviance within groups increases the challenge because group context can steer members to act in accordance with the group’s decisions, even when it violates organizational directives. Despite these challenges, we know very little about how workgroups justify cyberdeviance. We ask: How do workgroups create and validate accounts for cyberdeviance? Guided by the theoretical lens of accounts and based on insights from five deviant workgroups using unauthorized technologies (aka, shadow IT), our analysis points to three core findings. First, the group context is crucial to understanding the violation framing process. Second, at the discursive level, the groups use a unique set of verbalizations that deem cyberdeviance acceptable within the group. Third, we found that this set of verbalized accounts is instrumental to ensure group cohesion and belongingness. We discuss the theoretical and practical implications of these novel insights.

Keywordsdata systemsworking groupsgroup workdata security

Free keywordscyberdeviance; ISP violation; workgroups; accounts; neutralization; rationalization; justification; multilevel

Contributing organizations

Ministry reportingYes

Reporting Year2023

JUFO rating0

Last updated on 2024-15-05 at 13:23