Abstract
This study examines the role of neutralization and deterrence in discouraging employees from using Shadow IT: tools, services and systems used in an organization but not authorized by the IT department. Our study provides a unique contribution to the IT security literature by studying effects of neutralization on both intentions (self-reported) and actual behavior, as well as examining the role of shame as a mediator. We surveyed employees from four organizations and found that the "metaphor of the ledger" neutralization technique predicts Shadow IT intention and actual Shadow IT usage. We also find that neutralization and deterrence effects influence shame. (c) 2017 Elsevier B.V. All rights reserved.