Critical impact of organizational and individual inertia in explaining non-compliant security behavior in the Shadow IT context

Shadow IT refers to the use of information technology (IT) solutions and systems without prior explicit organizational approval. In this research, we have investigated an important role of organizational and individual inertia in explaining non-compliant security behavior in the Shadow IT context. Using the theory of organizational and individual inertia and status quo framework as theoretical lenses, we sought to explain the factors that form an individual's cognitive based inertia. Our study offers important insights into how inertia shapes and drives cognitive based inertia, which drives the behavioral intention to continue using Shadow IT. We suggest several new insights for theory and practitioners on how to better address the Shadow IT phenomenon with the objective that organizations are more agile, productive and efficient but at the same time, more compliant with information security policy requirements.