Security Policy Opt-in Decisions in Bring-Your-Own-Device (BYOD) – A Persuasion and Cognitive Elaboration Perspective

ABSTRACT Bring-Your-Own-Device (BYOD) has gained increased popularity in organizations but may engender information security concerns. To address these concerns, employees are expected to opt-in and comply with organizational BYOD security policy. This study investigates the factors that affect employees’ opt-in decisions with BYOD security policy. Drawing on the theoretical lenses of persuasion and cognitive elaboration, we propose that employees’ cognitive elaborations of BYOD security policy could be affected by the valence of justification of the BYOD security policy, the stringency of BYOD security measures, and the sequence of the introduction of BYOD security policy in relation to employees’ use of personal devices to perform organizational tasks and such cognitive elaborations would in turn affect opt-in decisions. We conducted an experimental survey to test our propositions. The results indicate that positive BYOD security policy justification framing and post-task security policy exposure would lead to more positive cognitive elaboration, decision to opt-in, and compliance with the BYOD security policy. This research has significant implications for security management with respect to the design and implementation of BYOD security policy within an organization according to the nature of security policy and the task requirements.