People born after 1980, often called "millennials" by demographic researchers, behave differently from older generations in significant ways. They are the first "digital natives," the "always on generation" that expects to have information instantly and always available at its fingertips. Their attitudes have been described by previous research in often unfavorable terms. And when they enter the workplace, they pose a major challenge to managers from older generations, who, it has been shown, typically follow a different set of values.
Our research investigates the attitudes of millennials who have not yet entered the workforce toward the use of information technology (IT) in terms of "IT consumerization." Specifically, we want to know how this significant part of the population weighs benefits against risks when it comes to intention to use technology in a business environment.
In 2013, we conducted an international study involving 402 students in their final year of undergraduate study just before entering the workplace. We received feedback from students at Neu-Ulm University of Applied Sciences (Germany), Dongbei University of Finance & Economics (China), Texas Woman's University (U.S.), Carleton University (Canada), Fundação Getulio Vargas (Brazil), and RMIT University (Australia). We found they share a common set of values regardless of nationality, including motivational drivers that would alarm corporate IT managers, if known. The individuals in our sample value their own benefit highly and dramatically neglect the risks their actions might pose.
The way we work, think, and behave is heavily influenced by the Internet, email, smartphones, and other technological innovations that have proliferated over the past 20 to 30 years. The generation of people born after 1980 is the first to grow up with information everywhere, anytime24 and referred to as digital natives, or, more commonly, millennials.15
Many studies have sought to analyze them.20 For example, in their 2010 literature review, Ng et al.24 characterized them as "want it all" and "want it now." It seems generally accepted in research and practice alike that millennials are difficult to cope with when entering the workplace from the perspective of managers born perhaps decades earlier.32 However, given the need for talent in today's technology-driven society, especially in computer science, management needs to adapt and offer millennials working conditions that attract them.37
Previous research focused mainly on millennials' attitudes toward work.3 Their attitude toward using technology for work purposes has not yet, however, received sufficient academic attention.35 There is a striking paucity of research looking at how millennials use technology for professional and personal purposes.35 To partially close this gap, we conducted our study on the motivational factors that shape millennials' intention to use technology in the context of IT consumerization. Here come the cherry pickers.
Here, we introduce the concept of IT consumerization, then discuss how national culture was relevant in our study:
IT consumerization. IT consumerization describes the ongoing process of blending private and business life when it comes to the use of technology, as driven by employees who push IT solutions they use privately into the workplace.38 This applies to hardware (as in "bring your own device," or BYOD) where privately owned laptops, tablets, and smartphones are used for business tasks but also to software when online email services or cloud-storage solutions are used for business purposes.31 "Ownership" of the device or service is usually regarded as a key characteristic of IT consumerization,14,25 as possession shifts from employer to user/employee.
We expect IT consumerization to have a positive influence on employees' work performance by increasing satisfaction, flexibility, and mobility.14 It is also demanded by more and more employees who want to use their own smartphone to, say, access corporate email messages.36 However, using privately owned devices at work involves risks like blurred boundaries between professional and private lives,5,13,25 creating additional stress for the employee (such as when responding to email messages on weekends when technically not at work). Not only users, but their employers as well, face notable challenges from this trend. Anecdotal evidence indicates corporate IT departments are under pressure to give in to user demands to be allowed to use privately owned IT for work purposes. However, granting myriad different consumer devices access to the corporate network is a nightmare for anyone concerned about IT security.
Consumerization of IT seems to be a key characteristic of millennials, as their desire to be always on is not limited only to the workplace. In the same vein, they are accustomed to always using state-of-the-art technology, something not every work environment is able to provide, especially because the definition of "state of the art" is subjective.
Our study focused on mobile devices as an exemplary technology to explain millennials' behavioral intentions when it comes to the use of technology. This area is of great concern to practitioners, including CIOs and senior IT managers.31
To understand the role of such contradictory factors in individual decision making, social psychology provides net-valence models (NVMs) that assume individuals intend to perform an action only if the perceived benefits outweigh the associated costs.7,26 Prior research found NVMs help explain the adoption of technology-related services.17 Other prominent theories on technology adoption (such as Unified Theory of Acceptance and Use of Technology33) do not capture the risks associated with technology use and is why we chose NVMs as our theoretical lens (see Figure 1).
Cultural values and IT use behavior. Millennials' use of corporate IT involves multiple challenges for IT executives worldwide. However, the literature suggests behavioral models do not apply universally across all cultures.30 Research by Srite and Karahanna30 showed the significance of factors determining technology use are notably dependent on espoused cultural values, particularly those reflecting national culture. National culture refers to "the collective programming of the mind that distinguishes the members of one group or category of people from another."11 Hofstede and Bond10 proposed five dimensions of national culture: power distance; individualism/collectivism; masculinity/femininity; uncertainty avoidance; and long-term orientation. Other research found that national cultural values strongly affect an individual's IT-adoption behavior.12,32
In order to understand how millennials perceive benefits and risks associated with IT consumerization across different cultures, we identified uncertainty avoidance (UA) and individualism/collectivism (IC) as the most relevant dimensions. Power distance, masculinity/femininity, and long-term orientation are important in the more general context of technology adoption but less relevant in understanding the effect of perceived risks and benefits in the context of our study.
"Uncertainty avoidance" refers to "the extent to which individuals feel vulnerable to unpredictable and unknown situations."9 People with strong UA values fear uncertainty. In the context of work-related technology, they need the predictability often provided by rules, policies, and structure in organizations that IT consumerization contradicts or dilutes. UA can thus help understand how millennials perceive the risks associated with IT consumerization.
"Individualism/collectivism" is one of the most widely studied cultural values in cross-cultural research,30 referring to "an individual's preference for a social framework where individuals take care of themselves (individualism), as opposed to how they expect the group to take care of them in exchange for their loyalty (collectivism)."9 Individuals with individualistic values have a more complex and more frequently sampled private self. Consequently, their own goals, beliefs, and values are more salient. Considering technology use at work, they are more concerned with the benefits they might achieve than the disadvantages that could arise for others. IC is thus useful in understanding how millennials perceive benefits associated with IT consumerization, especially when there could be conflict between themselves and their employers.
Based on NVMs, it is assumed an individual's behavioral intention to use privately owned devices on the job is determined by the outcome of weighing perceived benefits vs. perceived risks/associated costs, as in Figure 1.
Perceived benefits. Perceived benefits "include all benefits which the customer perceives as having been received."18 In the context of IT use, they reflect the overall positive utility individuals expect when using a particular technology.12 Prior research demonstrated that perceived benefits significantly affect behavioral intention regarding the use of IT.16,19
We define perceived benefits as individuals' assessment of the functional benefits they associate with using a privately owned device for work purposes. Building on the premises of technology acceptance and use models,22,29,33 we propose that the benefits of using a privately owned device for work purposes are related to the characteristics of the technology and the functional advances it provides.29 We thus assume perceived benefits as a multidimensional construct comprising three facets of employment behavior: performance expectancy; effort expectancy; and compatibility.
Employees may realize productivity gains when allowed to select devices on their own.14 Consequently, performance expectancy reflects the extent individuals perceive that using privately owned devices supports their ability to perform better at work.33 Moreover, devices selected by individual employees are usually perceived as easier to use and more intuitive than those provided by an IT department.25 We thus define effort expectancy as the degree of ease an individual associates with using a privately owned device as compared to using a device provided by an IT department. Overall benefit perceptions are also formed by an individual's work style and associated needs and values. To capture these influential factors, Moore and Benbasat22 proposed the construct "compatibility" as the degree to which using a privately owned device for work purposes fits the individual's work style. Employees who agree to be available for work responsibilities (such as to respond to email messages) after work hours are more likely to see the use of their devices for business purposes as beneficial.
Following these insights, we hypothesize that perceived benefits influence individuals' consumerization behavior:
Hypothesis 1. The greater the perceived benefits of using privately owned devices for work purposes, the greater an individual's intention to participate in a BYOD program.
"Perceived risk" reflects negative utility from a subjective perspective, a concept introduced by Bauer2 as part of his "Perceived Risk Theory," which assumes subjective risk perceptions directly influence an individual's intention to perform a certain action.4 Perceived risk is defined by Cunningham4 as "the amount that would be lost, or that which is at stake, if the consequences of an act were not favorable, and the individual's subjective feeling of certainty that the consequences will be unfavorable." Featherman and Pavlou6 and Hoehle et al.9 found perceived risk plays a significant role in individuals' IT-use behavior.
To reflect the perceived cost associated with using privately owned devices, we define perceived risk as the belief of individuals about the potential negative outcomes caused by using privately owned devices on the job. The negative consequences of such behaviors can be classified into multiple types of loss, indicating that, as with perceived benefit, perceived risk is a multidimensional construct.6,16 Based on the arguments discussed earlier regarding consumerization and its effects on corporate IT, we hypothesize that using privately owned devices for business purposes encompasses three facets of risk: performance; privacy; and security.
Using privately owned devices for work purposes generally shifts responsibility from the IT department to the individual. For instance, the individual is, at least psychologically, accountable for "how well the [device] will perform relative to expectations."1 The risk associated with using one's own devices on the job includes the potential that the device the individual is responsible for is not sufficient for its intended business purpose. Performance risk thus reflects the potential for not being able to perform business activities as expected.
Granting myriad different consumer devices access to the corporate network is a nightmare for anyone concerned about IT security.
Using a device for both private and business purposes entails the risk that personal information is disclosed to the employer without the employee's consent and knowledge.21 Privacy risk, as defined by Featherman and Pavlou6 as the "potential loss of control over personal information,"6 encompasses this facet of risky behavior. Business data, as well as personal data, is at risk. The potential for corporate data to be exposed to unauthorized third parties also increases when individuals use their private devices for work purposes.25 Information security is one of the most important topics related to IT consumerization, as 90% of all corporate data breaches fall into four patterns:34 lost and stolen devices, user-initiated crimeware, insider misuse, and miscellaneous human errors. To capture this facet of risky behavior, we assume security risk, or potential loss due to fraud or a hacker compromising corporate information security,16 contributes to overall perceived risk.
We thus hypothesize that perceived risk negatively affects individuals' decisions regarding use of privately owned devices at work:
Hypothesis 2. The greater the perceived risk of using privately owned devices for work purposes, the lower an individual's intention to participate in a BYOD program.
We also assume the perceived risk associated with IT consumerization influences behavioral intention indirectly by negatively affecting perceived benefits. For instance, as a measure of safeguarding IT security, firms usually adopt policies that allow them to erase data when an employee's device is lost or stolen. Such "loss of full ownership" significantly affects the perceived benefits of BYOD.28 We thus propose:
Hypothesis 3. The perceived risk of using privately owned devices for work purposes negatively affects an individual's perception of benefit.
Cultural values. Research provides evidence that millennials' cultural values influence their technology-use behavior.30 However, it remains to be demonstrated whether the proposed NVM holds across the general population of millennials who reflect a variety of cultural values.30 We propose that the explanatory power of the theoretical model depends on how distinctively millennials espouse characteristic cultural values.
Based on these arguments, we expect to see distinctions in individualistic values and perceptions toward uncertainty. Using their own devices for work purposes enables millennials to express their sense of self and better achieve their own goals and follow their own beliefs and values. Also, using a privately owned device can indicate that individuals are more strongly concerned with their own needs than with those of the collective, including their employers. We thus expect individuals who espouse individualistic cultural values to more strongly value the benefits of using privately owned devices. Likewise, we assume individuals who experience less difficulty dealing with uncertainty to put less emphasis on the potential risks of using privately owned devices for work purposes and hence to be more likely to use their own devices at work. We also expect perceived risk to be less important for millennials who espouse lower uncertainty-avoidance cultural values.
We thus propose that there are distinctive subcultures within the overall group of millennials that are determined by differences regarding their UA and IC values. We hypothesize that the subcultures will take different approaches toward risk/benefit-assessment of their intention to participate in a BYOD program:
Hypothesis 4. The effect of the perceived risks of using privately owned devices for work purposes differs among millennials with lower UA scores and millennials with higher UA scores. The effect of perceived benefits of using privately owned devices for work purposes also differs among millennials with higher IC scores and millennials with lower IC scores.
Here, we discuss our data collection, sample clustering, data analysis, and results:
Data collection. To test our research model, we developed a questionnaire with a set of measurement items for each construct, and to safeguard measurement validity, we adapted items from prior research, as outlined in the online appendix (dl.acm.org/citation.cfm?doid=3132745&picked=formats).
We distributed the questionnaire among students in their final year of undergraduate studies and with relevant work experience (most respondents worked full time for at least six months during their studies) using an online survey tool. Our approach is consistent with Vodanovich et al.35 who suggested conducting surveys with students to understand how millennials ("digital natives" in their terminology) use technology. We collected data from students with "technology-affine" majors"information systems," "industrial engineering," and "business administration"in a number of universities worldwide. We chose countries with different values of UA and IC, according to Hofstede.11 After stripping out incomplete questionnaires, we received a total of 402 valid responses.
Clustering for espoused cultural values. We conducted exploratory factor analysis, a statistical method used to uncover the underlying structure in a large set of variables, to test the "unidimensionality" of the measurement items for IC and UA. It revealed three items measuring IC and two items measuring UA load with a high coefficient on the factors they are intended to measure (loadings > 0.79). Using the factor scores of these items, we then conducted a K-means clustering. Cluster analysis revealed two clusters (see Table 1) where the first cluster (referred to as A) encompassed respondents with high IC scores (cluster center 0.13) and low UA scores (cluster center 0.61), and the second cluster (referred to as B) encompassed respondents with rather low IC scores (cluster center 0.20) and rather high UA scores (cluster center 0.93).
We characterized the respondents in group A as more individualistic and less risk-averse than in group B. Although both groups encompass only millennials, they showed different characteristics when it comes to the formation of behavioral intention. One could argue A is the more forthcoming, self-centered, and aggressive, while B represents the more group-oriented and considerate.
Measurement model assessment. We tested our model with partial least squares using SmartPLS 3.0 with 1,000 samples bootstrapping, assessing the measurement model with the complete dataset C, as well as with clusters A and B.
We measured behavioral intention reflectively (loadings of the indicators were above 0.95 and significant at the .001 level) and confirmed internal consistency by assessing Cronbach's Alpha (CA) and Composite Reliability (CR) measures. Both exceeded the threshold of 0.90 for all datasets: A CA=0.90, CR=0.95; B CA=0.92, CR=0.96; C CA=0.91; and CR=0.96. The average variance extracted was greater than 0.50 (A 0.91; B 0.93; and C 0.92), demonstrating sufficient convergent validity. Finally, we used cross-loading analysis to confirm that all constructs load highest with their respective items.
The formative measures of "perceived benefits" were significant, at least at the .05 level, and path coefficients were greater than .1, suggesting the chosen characteristics of each category were relevant for the formation of the construct (see Table 2). Moreover, the variance inflation factor (VIF) was less than 2, supporting our assumption for indicator validity.
The formative measures of "perceived risks" revealed mixed results regarding the risk facets' contribution to the formation of the formative index. We found privacy risk was not relevant regardless of dataset used; performance risk was significant only in subset B and the complete dataset; and security risk contributed significantly only to the formative index of the complete dataset. Although not all facets of risky behavior contributed significantly, VIF was less than 2 within all three datasets, confirming indicator validity. Consequently, low redundancy of indicators' information was confirmed.
The results show performance risk contributed significantly to overall risk perception in dataset B and C, while security risk contributed to overall risk perception in only the complete dataset C. Privacy risk did not significantly contribute to perceived risk, regardless of dataset. And performance expectancy, effort expectancy, and compatibility contributed significantly to perceived benefits in all datasets.
Structural model assessment. The results (see Figure 2) demonstrate the millennials responding to the survey primarily consider the benefits and neglect the risks of using technology; in our research context, which involves taking part in a corporate BYOD program.
Detailed analysis confirmed the existence of two distinct groups of millennials differentiated by their espoused cultural values in our sample. We named them due to their strong characteristics the "narcissists" (group A) and the "prudent" (group B). Both groups showed intentions expected by millennials: take the benefits and ignore the risks. However, the groups also showed different approaches to acting on their risk-and-benefit perceptions, depending on their respective IC/UA scores.
For millennials with high IC scores and low UA scoresnarcissistsrisk perceptions have no effect, while benefits are weighted comparatively high when it comes to technology-adoption decisions. Additionally, perceived risks do not significantly affect perceived benefits. For the group with low IC scores and high UA scores (prudent) risk and benefit perceptions arerelative to the narcissistsmore important for the intention to participate in a BYOD program. For these millennials, we found perceived risk was significantly related to perceived benefits (medium effect, Cohen's d=.163), indicating they are more aware of risk and react more cautiously.
Overall, the results show our research model is capable of explaining a good portion of the variance in millennials' behavioral intention to participate in a BYOD program (R2=.37). The explanatory power of the model is slightly stronger (R2=.42) for individuals categorized as the prudent.
Finally, removing perceived benefits from the model leads to a significantly stronger path between perceived risk and behavioral intention for the prudent (=244**) and for the combined dataset (=166**). This result indicates the effect of perceived risk on behavioral intention is most likely mediated by perceived benefits.
These results confirm our expectations but also point to unanticipated conclusions. Millennials are egocentric, especially when it comes to their expectations regarding the workplace.24,27 The respondents in our survey expect great benefit from using their own devices, but the related risks are not reflected in their behavioral decision patterns unless they are personally affected. In our sample, we also found that only those millennials who are more strongly oriented toward the collective and somehow feel vulnerable in unpredictable situations (prudent) are influenced to at least some degree by risk perceptions regarding the performance of their privately owned devices. These findings confirm what research expects23,24,27 and anecdotal evidence underlines.
What we did not expect was the cross-cultural homogeneity of the sample. Millennials' values seem uniform regardless of cultural background. Throughout our sample we did not find statistically significant differences in responses based on interviewee nationality. Investigating further, we used two distinct cultural valuesIC and UAto cluster the responses. We were able to distinguish between two groupsnarcissist and prudentthat react as typical millennials but also differ in tendencies toward their intention to participate in BYOD programs. Forming their intention, the prudent (with lower IC and higher UA) seem slightly more risk-sensitive than the narcissists (with higher IC and lower UA). Contrary to our expectations, the two groups were well distributed among all participants in our sample; that is, we found no significant correlation with nationality or any other control factor to define the two clusters.
Even if the intention to use privately owned devices had formed differently depending on IC and UA scores, millennials remain millennials first and foremost. The proposed facets of risk do not significantly contribute to their risk perceptions, which, in turn, do not show considerable direct effect on behavior intention to participate in corporate BYOD programs. Our data implies that risk perceptions influence their decision making, which is mediated through perceived benefits. However, this effect applies only to group B.
That is, the results show that the espoused cultural values individualism and uncertainty avoidance only slightly influenced survey-responding millennials' decision making regarding their IT consumerization behavior. Given these findings, our study contributes to theory and practice alike. First, it provides an NVM that accounts for the particularities of IT consumerization, demonstrating the risks/costs associated with the use of privately owned devices at work do not significantly affect decision making for most millennials. Further evidence is thus given that millennials are concerned mainly with their own benefit and happy to neglect the risks that do not jeopardize them directly. Privacy risk seems to be of no concern, as in Vodanovich35
Second, the study also enhances our knowledge of the role of millennials' espoused cultural values, showing for the first time in the academic literature that the formation of technology-use decisions are apparently universal for millennials independent of cultural background.
For corporate IT managers, our findings are a warning: Millennials will quite likely use their private devices for work, not necessarily as part of an official program, then through shadow IT. To avoid this, structured offerings should be made available. IT security managers should thus consider the implications of millennials' egocentric approach to risk. If users are not concerned about the risks their behavior poses to the company, then the company itself must be doubly cautious. To counter this potential threat, companies need to create robust BYOD programs that provide employees the benefits of using their own devices and simultaneously safeguard corporate data and networks.
Our findings embrace the typical limitations of empirical research: We had only a limited number of participants from a limited number of countries and who cannot be representative of the global millennial population. As such, our findings represent an indication but are not generalizable for all millennials. Additionally, our research subjects were students. Although all participants belonged to the millennial generation and had working experience, they were currently not all actually working. The part of the millennials population already in the active workforce was not included in our dataset. Even though we took care, it cannot be ruled out that the occasional participant lacked the required work experience. It is thus possible that some participants did not fully understand or misinterpreted the BYOD concept and its implication for their future working lives.
We conducted an international study to obtain information about how millennials about to enter the workforce weigh risks and benefits when it comes to using privately owned technology in the workplace. It included 402 students in their final year of study and with relevant work experience from six countries. The results indicate they pay a lot of attention to their own benefit and significantly neglect the risks associated with using privately owned technology on the job. We tested our hypothesis by asking them about their intention to use privately owned devices at work by enrolling in a corporate BYOD program. The responses showed they expect to use their private devices for work purposes. They perceive major benefits from using their own devices but pay little attention to the risk such use may impose on their employers. These findings have important implications for corporate IT managers who must deal with this new workforce (of cherry pickers).
However, a new generationborn after 1998, or "Gen-Z"will itself soon enter the workforce23 and expected to behave differentlymore concerned with risk and less on their own personal benefit.27 This change in employees' mindset will provide fruitful ground for further research. Further research should also look toward longitudinal datasets, as it would be interesting to find out how perceptions change before entering the workplace and then again after several months and years. Maybe IT managers could see cherry pickers evolve into socially minded corporate citizens over time.
1. Aldás-Manzano, J., Lassala-Navarre, C., Ruiz-Mafe, C., and Sanz-Blas, S. The role of consumer innovativeness and perceived risk in online banking usage. International Journal of Bank Marketing 27, 1 (2009), 5375.
3. Breitsohl, H. and Ruhle, S. Differences in work-related attitudes between Millennials and Generation X: Evidence from Germany. In Managing the New Workforce: International Perspective on the Millennial Generation, E.S.W. Ng, S. Lyons, and L. Schweitzer, Eds. Edward Elgar, Cheltenham, U.K., 2014, 107129.
5. Derks, D., Duin, D., Tims, M., and Bakker, A.B. Smartphone use and work-home interference: The moderating role of social norms and employee work engagement. Journal of Occupational and Organizational Psychology 88, 1 (Mar. 2015), 155177.
9. Hoehle, H., Zhang, X., and Venkatesh, V. An espoused cultural perspective to understand continued intention to use mobile applications: A four-country study of mobile social media application usability. European Journal of Information Systems 24, 3 (2015), 337359.
13. Köffer, S., Anlauf, L., Ortbach, K., and Niehaves, B. The intensified blurring of boundaries between work and private life through IT consumerization. In Proceedings of the European Conference on Information Systems (Münster, Germany, 2015).
16. Lee, M.-C. Factors influencing the adoption of Internet banking: An integration of TAM and TPB with perceived risk and perceived benefit. Electronic Commerce Research and Applications 8, 3 (May-June 2009), 130141.
17. Li, Y., Wang, X., Lin, X., and Hajli, M. Seeking and sharing health information on social media: A net-valence model and cross-cultural comparison. Technological Forecasting and Social Change (July 20, 2016); https://doi.org/10.10167/j.techfore.2016.07.021
19. Liu, Y., Yang, Y., and Li, H. A unified risk-benefit analysis framework for investigating mobile payment adoption. In Proceedings of the 2012 International Conference on Mobile Business. AIS Electronic Library, Atlanta, GA, 2012; http://aisel.aisnet.org/icmb2012/20
25. Niehaves, B., Köffer, S., and Ortbach, K. IT consumerization: A theory and practice review. In Proceedings of the 18th Americas Conference on Information Systems (Seattle, WA, Aug. 911). Association for Information Systems, Atlanta, GA, 2012.
27. Pew Research. Teens, Social Media, and Privacy. Pew Research, Washington, D.C., 2013; http://www.pewinternet.org/files/2013/05/PIP_TeensSocialMediaandPrivacy_PDF.pdf
34. Verizon. Data Breach Investigations Report, 2015; https://iapp.org/media/pdf/resource_center/Verizon_data-breach-investigation-report-2015.pdf
36. Weeger, A. and Gewald, H. Factors influencing future employees' decision making to participate in a BYOD program: Does risk matter? In Proceedings of the 22nd European Conference on Information Systems (Tel Aviv, Israel), 2014.
Copyright held by the authors. Publication rights licensed to ACM.
Request permission to publish from firstname.lastname@example.org
The Digital Library is published by the Association for Computing Machinery. Copyright © 2017 ACM, Inc.
No entries found