{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T18:05:13Z","timestamp":1780337113789,"version":"3.54.1"},"reference-count":45,"publisher":"American Accounting Association","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,6,1]]},"abstract":"ABSTRACT<\/jats:title>\n The purpose of this study is to examine the factors that determine whether employees follow Bring Your Own Device (BYOD) policies through the lens of the Protection Motivation Theory. BYOD is rapidly becoming the norm rather than the exception. As a result, firms are establishing BYOD policies to address the risk inherent in allowing individuals to use their own devices to access or store company data. This paper reports the results of a survey of accounting students, non-accounting students, and full-time employees. Results demonstrate that participants' intentions to comply with a BYOD policy were primarily motivated by Self Efficacy and Response Efficacy. Further, Threat Severity was more salient for accountants than non-accountants, perhaps due to their sensitivity to confidential data. Finally, when actual compliance behavior was considered, costs to comply were much more salient to employees and could be strong deterrents to full compliance. These findings have important theoretical and practical implications.<\/jats:p>","DOI":"10.2308\/isys-50704","type":"journal-article","created":{"date-parts":[[2014,1,10]],"date-time":"2014-01-10T23:07:04Z","timestamp":1389395224000},"page":"209-226","source":"Crossref","is-referenced-by-count":82,"title":["Understanding Compliance with Bring Your Own Device Policies Utilizing Protection Motivation Theory: Bridging the Intention-Behavior Gap"],"prefix":"10.2308","volume":"28","author":[{"given":"Robert E.","family":"Crossler","sequence":"first","affiliation":[{"name":"Mississippi State University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"James H.","family":"Long","sequence":"additional","affiliation":[{"name":"Auburn University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tina M.","family":"Loraas","sequence":"additional","affiliation":[{"name":"Auburn University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Brad S.","family":"Trinkle","sequence":"additional","affiliation":[{"name":"Mississippi State University"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1112","published-online":{"date-parts":[[2014,1,1]]},"reference":[{"key":"2024082915390146400_i1558-7959-28-1-209-AmericanInstituteOfCertifiedPublicAccountantsAICPA1","unstructured":"American Institute of Certified Public Accountants (AICPA).1992. AICPA Code of Professional Conduct. Section ET 301.01. New York, NY: AICPA."},{"issue":"3","key":"2024082915390146400_i1558-7959-28-1-209-Anderson1","doi-asserted-by":"crossref","first-page":"613","DOI":"10.2307\/25750694","article-title":"Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions","volume":"34","author":"Anderson","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Ashton1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.2307\/2490389","article-title":"Students as surrogates in behavioral accounting research: Some evidence","volume":"18","author":"Ashton","year":"1980","journal-title":"Journal of Accounting Research"},{"issue":"4","key":"2024082915390146400_i1558-7959-28-1-209-Bagozzi1","doi-asserted-by":"crossref","first-page":"244\u2013","DOI":"10.17705\/1jais.00122","article-title":"The legacy of the technology acceptance model and a proposal for a paradigm shift","volume":"8","author":"Bagozzi","year":"2007","journal-title":"Journal of the Association for Information Systems"},{"key":"2024082915390146400_i1558-7959-28-1-209-Boomer1","article-title":"Are you ready for BYOD?","volume":"34","author":"Boomer","year":"2012","journal-title":"CPA Practice Advisor"},{"key":"2024082915390146400_i1558-7959-28-1-209-Brandon1","doi-asserted-by":"crossref","DOI":"10.2308\/bria-50651","article-title":"Online instrument delivery and participant recruitment services: Emerging opportunities for behavioral accounting research","author":"Brandon","year":"2014","journal-title":"Behavioral Research in Accounting"},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Bryant1","doi-asserted-by":"crossref","first-page":"37","DOI":"10.2308\/bria.2009.21.1.37","article-title":"The effects of cognitive style and feedback type on performance in an internal control task","volume":"21","author":"Bryant","year":"2009","journal-title":"Behavioral Research in Accounting"},{"issue":"3","key":"2024082915390146400_i1558-7959-28-1-209-Bulgurcu1","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"issue":"5","key":"2024082915390146400_i1558-7959-28-1-209-Chaudhry1","first-page":"69","article-title":"Tech strategy\u2014Needed: A corporate mobile device policy","volume":"28","author":"Chaudhry","year":"2012","journal-title":"Financial Executive\u2014Magazine of Financial Executive Institute"},{"key":"2024082915390146400_i1558-7959-28-1-209-Chin1","first-page":"295","article-title":"The partial least squares approach to structural equation modeling","author":"Chin","year":"1998","journal-title":"Modern Methods for Business Research"},{"key":"2024082915390146400_i1558-7959-28-1-209-Chin2","unstructured":"Chin, W. W. \n \n 2001. PLS-Graph User's Guide. Version 3.0. Available at: http:\/\/carma.wayne.edu\/documents\/oct1405\/plsgraph3.0manual.hubona.pdf"},{"key":"2024082915390146400_i1558-7959-28-1-209-Chin3","unstructured":"Chin, W. W. \n \n 2006. PLS Graph Version 3.00, Build 1017. Houston, TX: University of Houston."},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Churchill1","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1177\/002224377901600110","article-title":"A paradigm for developing better measures of marketing constructs","volume":"16","author":"Churchill","year":"1979","journal-title":"Journal of Marketing Research"},{"key":"2024082915390146400_i1558-7959-28-1-209-Crossler1","article-title":"Protection motivation theory: Understanding determinants to backing up personal data","author":"Crossler","year":"2010","journal-title":"Paper read at 43rd Hawaii International Conference on System Sciences (HICSS)"},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Crossler2","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","article-title":"Future directions for behavioral information security research","volume":"32","author":"Crossler","year":"2013","journal-title":"Computers and Security"},{"key":"2024082915390146400_i1558-7959-28-1-209-Debreceny1","doi-asserted-by":"crossref","DOI":"10.2308\/isys-10140","article-title":"Betwixt and between? Bringing information systems and accounting systems research together","author":"Debreceny","year":"2011","journal-title":"Journal of Information Systems"},{"issue":"August","key":"2024082915390146400_i1558-7959-28-1-209-Drew1","first-page":"44","article-title":"Managing cybersecurity risks","author":"Drew","year":"2012","journal-title":"Journal of Accountancy"},{"key":"2024082915390146400_i1558-7959-28-1-209-Efron1","unstructured":"Efron, B., and R. Tibshirani. \n 1998. An Introduction to the Bootstrap. Boca Raton, FL: Chapman and Hall\/CRC Press LLC."},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Elliot1","doi-asserted-by":"crossref","first-page":"139","DOI":"10.2308\/accr.2007.82.1.139","article-title":"Are M.B.A. students a good proxy for nonprofessional investors?","volume":"82","author":"Elliot","year":"2007","journal-title":"The Accounting Review"},{"key":"2024082915390146400_i1558-7959-28-1-209-ErnstaYoung1","article-title":"Global Information Security Survey 2012","author":"Ernst & Young","year":"2012"},{"key":"2024082915390146400_i1558-7959-28-1-209-Eschelbeck1","unstructured":"Eschelbeck, G., and D. Schwartzbert. \n 2012. BYOD Risks and Rewards. SOPHOS. Available at: http:\/\/www.Sophos.Com\/En-Us\/Security-News-Trends\/Security-Trends\/Byod-Risks-Rewards.Aspx"},{"issue":"2","key":"2024082915390146400_i1558-7959-28-1-209-Floyd1","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1111\/j.1559-1816.2000.tb02323.x","article-title":"A meta-analysis of research on protection motivation theory","volume":"30","author":"Floyd","year":"2000","journal-title":"Journal of Applied Social Psychology"},{"key":"2024082915390146400_i1558-7959-28-1-209-Fortinet1","unstructured":"Fortinet. 2012. Fortinet\u00ae Global Survey Reveals \u2018First Generation' BYOD Workers Pose Serious Security Challenges to Corporate IT Systems. Available at: http:\/\/www.Fortinet.Com\/Press_Releases\/120619.html"},{"key":"2024082915390146400_i1558-7959-28-1-209-GFI1","unstructured":"GFI. 2013. It's Time Businesses Wake Up to Mobile Security Reality. Available at: http:\/\/www.Threattracksecurity.Com\/Documents\/Business-Antivirus-White-Paper-Mobile-Security-Reality.pdf"},{"issue":"2","key":"2024082915390146400_i1558-7959-28-1-209-Herath1","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: A framework for security policy compliance in organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Ifinedo1","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","article-title":"Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory","volume":"31","author":"Ifinedo","year":"2012","journal-title":"Computers and Security"},{"key":"2024082915390146400_i1558-7959-28-1-209-InformationSystemsAuditandControlAssociationISACA1","unstructured":"Information Systems Audit and Control Association (ISACA). 2012. 2012 IT Risk\/Reward Barometer: U.S. Consumer Edition. Available at: http:\/\/www.Isaca.Org\/Sitecollectiondocuments\/2012-Risk-Reward-Barometer-US-Consumer.pdf"},{"issue":"3","key":"2024082915390146400_i1558-7959-28-1-209-Johnston1","doi-asserted-by":"crossref","first-page":"548","DOI":"10.2307\/25750691","article-title":"Fear appeals and information security behaviors: An empirical study","volume":"34","author":"Johnston","year":"2010","journal-title":"MIS Quarterly"},{"issue":"2","key":"2024082915390146400_i1558-7959-28-1-209-Lee1","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1057\/ejis.2009.11","article-title":"Threat or coping appraisal: Determinants of SMB executives' decision to adopt anti-malware software","volume":"18","author":"Lee","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2024082915390146400_i1558-7959-28-1-209-Lee2","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1016\/j.dss.2010.07.009","article-title":"Understanding anti-plagiarism software adoption: An extended protection motivation theory perspective","volume":"50","author":"Lee","year":"2011","journal-title":"Decision Support Systems"},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Liang1","doi-asserted-by":"crossref","first-page":"71","DOI":"10.2307\/20650279","article-title":"Avoidance of information technology threats: A theoretical perspective","volume":"33","author":"Liang","year":"2009","journal-title":"MIS Quarterly"},{"issue":"7","key":"2024082915390146400_i1558-7959-28-1-209-Liang2","doi-asserted-by":"crossref","first-page":"394","DOI":"10.17705\/1jais.00232","article-title":"Understanding security behaviors in personal computer usage: A threat avoidance perspective","volume":"11","author":"Liang","year":"2010","journal-title":"Journal of the Association for Information Systems"},{"issue":"8","key":"2024082915390146400_i1558-7959-28-1-209-Libby1","doi-asserted-by":"crossref","first-page":"775","DOI":"10.1016\/S0361-3682(01)00011-3","article-title":"Experimental research in financial accounting","volume":"27","author":"Libby","year":"2002","journal-title":"Accounting, Organizations and Society"},{"key":"2024082915390146400_i1558-7959-28-1-209-Milne1","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1111\/j.1559-1816.2000.tb02308.x","article-title":"Prediction and intervention in health-related behavior: A meta-analytic review of protection motivation theory","volume":"30","author":"Milne","year":"2000","journal-title":"Journal of Applied Social Psychology"},{"key":"2024082915390146400_i1558-7959-28-1-209-Molok1","article-title":"Disclosure of organizational information on social media: Perspectives from security managers","author":"Molok","year":"2013","journal-title":"Paper read at Pacific Asia Conference on Information Systems (PACIS)"},{"issue":"5","key":"2024082915390146400_i1558-7959-28-1-209-Neuwirth1","doi-asserted-by":"crossref","first-page":"721","DOI":"10.1111\/0272-4332.205065","article-title":"Protection motivation and risk communication","volume":"20","author":"Neuwirth","year":"2000","journal-title":"Risk Analysis"},{"issue":"5","key":"2024082915390146400_i1558-7959-28-1-209-Podsakoff1","doi-asserted-by":"crossref","first-page":"879","DOI":"10.1037\/0021-9010.88.5.879","article-title":"Common method biases in behavioral research: A critical review of the literature and recommended remedies","volume":"88","author":"Podsakoff","year":"2003","journal-title":"Journal of Applied Psychology"},{"issue":"2","key":"2024082915390146400_i1558-7959-28-1-209-Prosch1","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1057\/jdg.2008.7","article-title":"Protecting personal information using generally accepted privacy principles (GAPP) and continuous control monitoring to enhance corporate governance","volume":"5","author":"Prosch","year":"2008","journal-title":"International Journal of Disclosure and Governance"},{"issue":"5\/6","key":"2024082915390146400_i1558-7959-28-1-209-Purvis1","doi-asserted-by":"crossref","first-page":"551","DOI":"10.1016\/0361-3682(89)90018-4","article-title":"The effect of audit documentation format on data collection","volume":"14","author":"Purvis","year":"1989","journal-title":"Accounting, Organizations and Society"},{"key":"2024082915390146400_i1558-7959-28-1-209-Ringle1","unstructured":"Ringle, C. M., \n \n S. Wende, and A. Will. \n 2005. SmartPLS (2.0 Beta). Available at: http:\/\/smartpls.software.informer.com\/2.0\/"},{"issue":"1","key":"2024082915390146400_i1558-7959-28-1-209-Rogers1","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change","volume":"91","author":"Rogers","year":"1975","journal-title":"Journal of Psychology: Interdisciplinary and Applied"},{"issue":"February","key":"2024082915390146400_i1558-7959-28-1-209-Semer1","first-page":"23","article-title":"Auditing the BYOD program","author":"Semer","year":"2013","journal-title":"Internal Auditor"},{"key":"2024082915390146400_i1558-7959-28-1-209-Sullivan1","unstructured":"Sullivan, D. \n \n 2012. How to Plan for BYOD Security: Maas360. Available at: http:\/\/searchconsumerization.techtarget.com\/tip\/How-to-plan-for-BYOD-security"},{"key":"2024082915390146400_i1558-7959-28-1-209-Woon1","article-title":"A protection motivation theory approach to home wireless security","author":"Woon","year":"2005","journal-title":"Paper read at Twenty-Sixth International Conference on Information Systems (ICIS)"},{"issue":"6","key":"2024082915390146400_i1558-7959-28-1-209-Workman1","doi-asserted-by":"crossref","first-page":"2799","DOI":"10.1016\/j.chb.2008.04.005","article-title":"Security lapses and the omission of information security measures: A threat control model and empirical test","volume":"24","author":"Workman","year":"2008","journal-title":"Computers in Human Behavior"}],"container-title":["Journal of Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/28\/1\/209\/11907\/isys-50704.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/28\/1\/209\/11907\/isys-50704.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T17:29:41Z","timestamp":1724952581000},"score":1,"resource":{"primary":{"URL":"https:\/\/publications.aaahq.org\/jis\/article\/28\/1\/209\/1580\/Understanding-Compliance-with-Bring-Your-Own"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,1,1]]},"references-count":45,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2014,1,1]]},"published-print":{"date-parts":[[2014,6,1]]}},"URL":"https:\/\/doi.org\/10.2308\/isys-50704","relation":{},"ISSN":["1558-7959","0888-7985"],"issn-type":[{"value":"1558-7959","type":"electronic"},{"value":"0888-7985","type":"print"}],"subject":[],"published":{"date-parts":[[2014,1,1]]}}}