A Theoretical Foundation for Explaining and Predicting the Effectiveness of a Bring Your Own Device Program in Organizations

Bring Your Own Device (BYOD) adoption in organizations continues to grow in recent years, with the aim to improve both organization cost-saving, employee job satisfaction, and employee productivity. A BYOD environment has its unique set of organizational security opportunities and challenges. As a result, BYOD program deployment requires organizations to develop and rollout new information security measures and policies unique to this environment. Successful adoption of BYOD thus requires an effective BYOD information security program deployment. Our study seeks to develop a theoretical foundation for explaining and predicting the effectiveness of a BYOD program deployment. Specifically, we evaluate the applicability of Knapp and Ferrante’s Information Security Policy and Effectiveness (ISPE) model to explain and predict BYOD program deployment effectiveness. The relationships between the fundamental causal factors in the model, namely awareness, enforcement, and maintenance, and the program effectiveness, were evaluated using a sample of 119 BYOD users working in the financial sector in the United States. Our study supports the use of the ISPE model to assess the effectiveness of a BYOD information security program deployment. Security policy awareness, enforcement, and maintenance together account for 72% of the change in the BYOD security program effectiveness. © 2022, The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd.