1 Introduction

The last decade saw an unprecedented rise of technology infiltrating private life and altering personal habits. Especially the widespread availability of wireless broadband and the continuously successful smartphone are major enablers for this trend (Smith 2017). Although ‘being always online’ increasingly becomes a habit for people of all ages (Smith 2017) it seems to be absolutely indispensable for the younger generations (Tapscott 2009). This phenomenon is well researched for those born between 1980 and 1995, a cohort which has been given a wide range of names, including ‘Millennials’ (Strauss and Howe 1991), ‘Generation Y’ (Johnson and Johnson 2010), ‘Generation Me’ (Twenge 2007), or ‘Nexters’ (Zemke et al. 2000). Regardless of the label given, this cohort has unifying characteristics. Thus these individuals are categorized as ‘digital natives’ (Hershatter and Epstein 2010). This term reflects that they are used to have access to the internet everywhere and everywhen to find information, perform social interaction, etc. (Tapscott 2009).

It can be expected that the habit of being always on in private life will spill over into the workplace when the digital natives become active members of the workforce (Ng et al. 2010). We therefore assume, that digital natives will demand to use their own hard- and software in the business, as they use them in private life. This phenomenon is described as IT-consumerization, an ongoing trend for some years now (Köffer et al. 2014). Arguably, the most popular trend with respect to consumerization of IT is the rise of ‘bring your own device’ (BYOD) programs, which allow employees to bring their own computing devices to work and use them for business purposes (Hughes 2016). BYOD incurs positive and negative aspects: Using a private smartphone to access corporate emails or perform analyses on corporate data has several benefits, like employees being able to work wherever they want. This may lead to faster response times as they can also respond to emails when they are out of office but can also incorporate severe risks like IT-security issues or technostress.

This corporate ambivalence meets these days with a new generation entering the workforce, the digital natives. This cohort has been the object of several large scale studies (an overview with specific consideration on the work environment is given in Parry and McCarthy 2016)). These studies point to a generation, which is focused much on personal gain and less interested in the general benefit of their corporate surrounding. This leads to an interesting, yet under-researched area: the implications of digital natives entering the workplace and joining corporate BYOD- programs. More precisely, it seems interesting to assess the risk and benefit perceptions digital natives associate with BYOD-programs and how these perceptions may impact the corporate IT department which has to accommodate this new generation of employees. To add to knowledge on this issue we put forward the research question: “What is the impact of digital natives’ risk and benefit perceptions on their intention to enroll in a corporate BYOD program when entering the workplace?

As the corporate world is getting more and more international and talented new employees are a scarce resource in literally all developed and developing economies we decided to perform a quantitative study on an international scale. 476 students from five different countries answered our questionnaire and provided insights into their individual risk and benefit perceptions regarding BYOD programs. We invited students in their final year of studies and with considerable previous work experience to participate, as these are (a) members of the cohort of digital natives, and (b) the workforce of tomorrow, i.e. will be on the job market in less than a year and thus the concern of IT-managers who need to prepare for their specific behaviors.

Research focusing on this specific cohort is scarce when it comes to digital natives’ intended use of technology in a business environment. Although our research deploys ‘intention’ as dependent variable we did not test a classical TAM (Davis 1989) or UTAUT (Venkatesh et al. 2003) model. Instead, we use a net valance approach to specifically analyze the benefits and risks perceived by the digital natives and the resulting impacts on their intention to join a corporate BYOD program. We aim to provide insights on the very specific intentional motives of digital natives, which previous research (see e.g. Parry and McCarthy 2016; Twenge 2014) state to be different from that of previous generations. Practice is expected to gain insights into the behavioral motives and specifically on the risks which the new workforce may pose to the corporate network. Moreover, internationally active corporations will gain insights into differing patterns according to cultural backgrounds of the new employee.

The paper is structured as follows: after a review of the applicable literature the research model is developed and its hypotheses discussed. Thereafter, the research method is explicated and the results are presented. Subsequently, we discuss our findings and the resulting implications for theory and practice. We close with stating limitations, thoughts for further research and providing our conclusion.

2 Literature Review

As laid out above, this research investigates how benefit and risk perceptions influence digital natives in their intention to join a corporate BYOD program when entering the workforce. Subsequently, we discuss some specifics of this generation, the concept of IT-consumerization including the relevant subset for this research: BYOD, and, finally the chosen methodological basis: net valance models.

2.1 Digital Natives

Those born roughly between 1980 and 1995 have been tagged by many names: Generation Me, Generation Y, Millennials, Digital Natives, and more (Parry and McCarthy 2016). Regardless of the name given, authors unanimously attribute this cohort with very specific behaviors compared to preceding (Baby Boomers and Generation X, see e.g. Twenge (2014)) and the following generation: Generation Z (see e.g. Priporas et al. 2017). Digital natives, the term we will use throughout this paper, were the first generation which grew up ‘always-on’. The widespread availability of broadband internet (wired, wireless and mobile) in combination with a broad spectrum of communication devices (mainly smartphones) of all price ranges made this generation the first so called ‘digital natives’ (Hershatter and Epstein 2010). They are used to having access to the internet everywhere around the clock to find information, perform social interaction, play games etc. (Tapscott 2009). Vodanovich et al. (2010) estimate that by the age of 20, digital natives will have spent 20,000 h using IT for personal and professional purposes. IT has become a part of digital natives’ daily lives and they are interconnected and interwoven with the digital world. Digital natives thus seamlessly switch between the use of IT for personal and professional purposes (Vodanovich et al. 2010). These blurring boundaries give reason to assume that digital natives’ habit of being always-on in daily lives will spill over into the workplace (Ng et al. 2010), which has important implications for organizations and IT managers.

2.2 IT Consumerization and BYOD

IT consumerization is regarded as the consequence of a shift in the computerization process, which is triggered by employees who are pushing privately used IT solutions into the workplace (Weiß and Leimeister 2012). Niehaves et al. (2012) focus on ownership as the key characteristic of IT consumerization. They define consumerization as a scenario at the intersection of private ownership and corporate deployment in which employees “invest their own resources to buy, learn, and use consumer technology at their workplace” (p. 2). Referring to the paradigm where personally owned mobile devices are used for business and private purposes, BYOD is an instance of this trend. BYOD is enabled by privately owned, wireless and portable consumer technology and can be classified as an instantiation of IT consumerization, which is limited to the use of hardware.

Corporations of all sizes are confronted with BYOD, either though pressure from users or out of self-interest. Many firms offer BYOD programs. A commonly accepted definition for these programs has not yet emerged. In lieu of an academic definition, we follow the German Federal Office for Information Security and define BYOD programs as “strategies pursued by institutions to encourage their staff members to use their private [hardware] devices for enterprise purposes […]” (BSI 2013, p. 1).

IT consumerization and its subset BYOD are expected to positively contribute to employee work performance by increasing satisfaction, flexibility and mobility (Köffer et al. 2015). Nevertheless, they also involve risks like blurring the boundaries between professional and private life (Niehaves et al. 2012; Pinchot and Paullet 2015). Depending on the BYOD program’s financial model, participation could also impose financial risks on employees.

Organizational challenges of BYOD are intensively discussed in academia and practice (Leclercq-Vandelannoitte 2015; Niehaves et al. 2012). Research considering the perspective of employees is mostly limited to an enumeration of benefits and disadvantages but does not examine if and how employees consider them when evaluating the use of privately owned IT resources for business purposes. Literature assumes that BYOD involves benefits and risks for employees, but does not examine whether the respective perceptions influence an individual’s intention to use private devices at work. Our study addresses this research gap.

2.3 Net-Valence Models

IS research provides several theories to analyze individuals’ acceptance and use of IT-related innovations such as the Technology Acceptance Model (TAM) (Davis 1989), Social Cognitive Theory (SCT) (Compeau and Higgins 1995), or the Unified Theory of Acceptance and Use of Technology (UTAUT) (Venkatesh et al. 2003). These theories state the premise that individuals expect benefits from using a certain technology. The well-established and often tested UTAUT, for example, postulates that individual expectancies of performance and effort, as well as influences of both social and facilitating conditions, determine technology acceptance and use. Nonetheless, using technology may not always be beneficial (Featherman 2001; Zhou 2015) and is frequently related to various risks such as unanticipated costs. However, TAM, UTAUT and most other technology acceptance models primarily focus on the advantages of using a technology and leave out the negative factors that discourage usage (Cenfetelli 2004).

Considering the contradicting factors of benefit and risks, social psychology provides net-valence models for investigating individual decision-making. These models assume that if the positive valence (perceived benefits) of a certain behavior (e.g., using a service) outweigh the associated negative valence (perceived risks), an individual intends to perform this action (Fishbein 1967; Lewin et al. 1944). Applying net-valence models, marketing research positively confirms that individuals accept negative utility (in the field of marketing usually operationalized as costs) in order to obtain expected positive utility as long as the net utility is positive (see e.g. Peter and Tarpey Sr 1975). The argument that individuals weigh perceived benefits against perceived risks/costs to form intended behavior is central to literally all IS adoption theories. Therefore, not surprisingly, net valence models have successfully been used in IS Research to explain the sharing of private health information on social media (Li et al. 2016) or the adoption of e-services (Featherman and Pavlou 2003; Featherman and Wells 2010). These studies showed that individuals weigh expected positive impacts against expected negative impacts before deciding to perform an action. Therefore, net valence models seem to be well suited to assess the specific decision patterns of digital natives, when it comes to joining a corporate BYOD program.

3 Hypotheses Development

Based on the arguments presented above, we propose a net-valence model to investigate digital natives’ intention to participate in corporate BYOD programs. Subsequently, the model depicted in Fig. 1 builds on the assumption that an individual’s behavioral intention is positively impacted by her/his expectations regarding the benefits she/he receives and is negatively impacted by her/his risk perceptions. As there is no comprehensive underlying theory available, arguments have been taken from different theoretical backgrounds.

Fig. 1
figure 1

Net-Valence Model

3.1 Intention to Participate in a BYOD Program

The behavioral intention (BI) of an individual to perform a specific action is the dependent variable of our research model. In our specific case, we are interested in the impact risk and benefit perceptions of digital natives have on their intention to join a corporate BYOD program. The intention construct has been adopted from the well-known and tested TAM (Davis 1989),which is grounded in the theory of reasoned action (Fishbein and Ajzen 1975). For this research, we conceptualize intention to reflect the individual’s desire to join a corporate BYOD program.

3.2 Perceived Risk of Participating in a BYOD Program

Research shows that humans have difficulties to quantify expected negative utility of actions a priori (Farahmand and Spafford 2010). Real costs are often not predicted accurately, therefore, non-quantifiable costs –approximated through subjective risk perceptions- are the commonly used denominator (Campbell and Brown 2005; Featherman and Pavlou 2003; Liu et al. 2012). To complement the view on human cost perception approaches which calculate costs from an objective perspective, perceived risk (PR) was set up to conceptualize negative utility from a subjective cognition. Perceived risk was introduced by Bauer (1967) in his perceived risk theory (PRT), which analyses the risk an individual associates with the consequences of a decision. The theory assumes that subjective risk perceptions directly impact an individual’s intention to perform a certain action (Cunningham 1967). Perceived risk can be regarded as the subjective expectation of a possible loss (Stone and Gronhaug 1993). PRT was adopted in different disciplines to understand the effect of risk perceptions on consumers’ behavior and was found to be an adequate measure of negative consequences of technology adoption and usage (Featherman and Pavlou 2003) and a significant determinant of technology acceptance (Liu et al. 2012).

Cunningham (1967) defines perceived risk as “the amount that would be lost (i.e., that which is at stake) if the consequences of an act were not favorable, and the individual’s subjective feeling of certainty that the consequences will be unfavorable” (p. 85). In the context of BYOD, we refer to perceived risk as to an individual’s beliefs about the potential negative outcomes caused by participating in a corporate BYOD program. When individuals perceive that there is a high level of risk associated with BYOD programs, they are expected to not feel comfortable participating in BYOD programs. We propose that

  • H1:The higher the perceived risks of participating in a BYOD program, the lower an individual’s intention to participate.

In his original theory, Bauer (1967) proposes perceived risk to be a multi-dimensional construct. The original risk facets, published by Cunningham (1967), were derived from a consumer marketing perspective for the acquisition of physical goods of daily use. The theory has since been adapted to information systems research and specifically to the context of technology adoption (see e.g. Featherman and Pavlou (2003), Gewald and Dibbern (2009), or, Lee (2009)). In line with the findings of the aforementioned authors the adapted facets of the perceived risks associated with BYOD consist of the components: financial, performance, privacy, security and safety risk.

In general, participating in an official BYOD program means that a company’s responsibility for selecting IT devices is transferred from the IT department to the employee. This shift of responsibilities also makes the employee accountable for the performance of the devices she/he selects. The risk facet performance risk (PR-PE) reflects “how well the product will perform relative to expectations” (Aldás-Manzano et al. 2009, p. 56) and, hence, includes the potential that the device selected by the individual is not sufficient for its intended business purpose. Defining performance risk as: the potential of not performing the business activities sufficiently because the device chosen does not meet the requirements or the user does not have the right skills to operate the device well, we propose that:

  • H1a:The higher the perceived performance risk of participating in a BYOD program, the higher the overall perceived risk.

Financial risk (PR-FI) is defined as the “potential monetary outlay associated with the initial purchase price as well as the subsequent maintenance cost” (Featherman and Pavlou 2003, p.1036). This risk facet is assumed to be particularly relevant to participants of BYOD programs based on the “We-Sponsor-Your-Device” (WSYD) approach. In this approach, the employee gets paid a certain amount to acquire a device of her/his liking. In return, the employee carries full responsibility to ensure that she/he can fulfil the required business tasks with the selected device. The employer often does not provide support or maintenance for the WSYD devices. Therefore, the user bears the risk that the actual costs of acquiring and maintaining the device may exceed the compensation.

Subsequently, we hypothesize that:

  • H1b:The higher the perceived financial risk of participating in a BYOD program, the higher the overall perceived risk.

Using a device for private and business purposes also entails the potential that personal information is disclosed to the employer without the employee’s consent and knowledge (Miller et al. 2012). But potential corporate invasion into the privacy sphere of the user is not limited to data stored on the phone. If the user keeps passwords for e.g. social networks stored in the browser, the employer may be able to get access to this very private area (Vorakulpipat et al. 2017). Also modern smartphone have GPS systems and the employer may be able to track the employees location and travel paths (Vorakulpipat et al. 2017). Capturing these issues, privacy risk (PR-PR) is defined as the “potential loss of control over personal information” (Featherman and Pavlou 2003, p.1036). Thus, we propose that:

  • H1c:The higher the perceived privacy risk of participating in a BYOD program, the higher the overall perceived risk.

Security breaches due to the use of private devices is a widespread threat (Niehaves et al. 2012). Therefore, information security is one of the most important topics related to BYOD from corporate perspective (Flores et al. 2016). As a measure of safeguarding security, BYOD programs usually encompass policies which delegate the responsibility for ensuring information security to the employee. Nonetheless, participating in a BYOD program increases the risk that the employee will cause a security breach and harm the organization. In view of this arguments, we define security risk (PR-SE) as the potential loss due to fraud or a hacker compromising information security (Lee 2009) and propose that:

  • H1d:The higher the perceived security risk of participating in a BYOD program, the higher the overall perceived risk.

Last but not least, safety risk (PR-SA) accounts for threats to an employee’s health (Lu et al. 2005). Prior research refers to the potential of BYOD to increase the stress level of employees (often referred to as “Technostress”) (Fischer and Riedl 2017; Maier et al. 2015; Niehaves et al. 2012, 2013; Wakunuma and Stahl 2014; Yun et al. 2012). The aforementioned authors state multiple reasons why BYOD may induce stress including: not being able to switch off from work anymore, blurring boundaries between private and work life, increased pressure to respond quickly, pressure to make decision quicker, etc. This may have negative implications for the employee’s health, including strain, burnout or other mental disorders (Maier et al. 2015). Subsequently, we propose that:

  • H1e:The higher the perceived safety risk of participating in a BYOD program, the higher the overall perceived risk.

3.3 Perceived Benefits of Participating in a BYOD Program

According to the net valence model, an individual weighs positive and negative expectations before intending to perform a behavior, or not. Usually benefits cannot be seriously quantified before a decision must be made. Individuals use their subjectively quantified expectations instead. Therefore, for individual decision making, benefits need to be conceptualized as perceived benefits (PB), which “include all benefits which the [individual] perceives as having received” (Liljander and Strandvik 1993, p. 15). Prior research has conceptualized perceived benefits as the positive utility an individual expects when adopting a particular technology and has considered perceived benefits a direct determinant of IS adoption (Kim and Olfman 2011; Lee 2009; Liu et al. 2012). We define perceived benefits of joining a corporate BYOD program as an individual’s overall assessment of the benefits she/he associates with using privately-owned devices on job and propose that perceived benefits directly impact the intention to participate in a corporate BYOD program. When perceived benefits of BYOD programs are high, individuals are expected to choose to participate to receive the associated benefits. Subsequently, we hypothesize that:

  • H2:The higher the perceived benefits of participating in a BYOD program, the higher an individual’s intention to participate.

Several theoretical approaches aimed to explain technology adoption illuminate the facets of perceived benefits. In this regard, the Innovation Diffusion Theory (IDT) as proposed by Rogers (1983) does not only focus on technology, but on innovations in general. Rogers (1983, p. 11) defines an innovation as “an idea, practice, or object that is perceived as new by an individual or other unit of adoption”, such as BYOD at the time of this study. Moreover, the IDT assumes that distinct characteristics of innovations affect the adoption and use of these within organizations (Moore and Benbasat 1991). Moore and Benbasat (1991) adapted these characteristics and refined a set of constructs that could be used to study individual adoption of technology-related innovations. Prior research found broad support for the effects of most of these constructs (see e.g., Venkatesh et al. 2003). However, the meta-analysis on innovation characteristics conducted by Tornatzky and Klein (1982) found that only relative advantage (equals performance expectations), complexity (equals ease of use expectations) and compatibility are consistently related to adoption decisions of individuals. Further, following Venkatesh et al. (2003) showing that perceived effects on one’s image are significant in some settings and as discussions with young employees have indicated that social influence may impact behavioral intention concerning BYOD programs, we decided to also include image in the research model (as proposed by Moore and Benbasat 1991).

Performance expectancy (PB-PE) is a cornerstone of individuals’ adoption of a new system or service offering provided. The UTAUT (Venkatesh et al. 2003) provides a sloid theoretical base to conceptualize this facet, therefore we define, based on Venkatesh et al. (2003) performance expectancy to be the degree to which an individual believes that participating in a BOYD program will help her/him attaining gains in job performance. Köffer et al. (2015) show that BYOD can increase work performance levels because employees realize productivity gains when they are able to select IT tools on their own. Therefore, we propose that:

  • H2a:The more positive an individual’s performance expectations, the higher the perceived benefits.

Participating in a BYOD program enables an employee to choose and use a device that best meets her/his requirements for business purposes. Usually, BYOD adopters perceive their personal devices as easier to use and more intuitive than the devices provided by the IT department (Niehaves et al. 2012). Therefore, we define (again based on the UTAUT) ease of use expectancy (PB-EE) as the degree of ease individuals associate with using a privately-owned device compared to using a device provided by corporate IT. Thus, ease of use is an important component of perceived benefit and we hypothesize that:

  • H2b:The more positive an individual’s ease of use expectations, the higher the perceived benefits.

Drawing on the characteristics of innovation presented by Rogers (1983) and utilized in technology adoption research by Moore and Benbasat (1991), Compatibility (PB-C) is defined as “the degree to which an innovation is perceived as being consistent with the existing values, needs, and past experiences of an individual” (Moore and Benbasat 1991, p.195). Arguing that BYOD is an innovation viewed from the perspective of our research objects, it becomes apparent, that this innovation will only be considered, if it complies with the wants and needs of the individual. Taking the specifics of digital natives into account it seems indisputable that being always on is a “must” even through working hours. It therefore is highly likely that remaining online after working hours – also for work purposes will also be considered positively. Thus, a corporate BYOD offering tends to be highly compatible with digital natives’ living habits. Therefore, we hypothesize that:

  • H2c:The more compatible participation in a BYOD program is with one’s values and needs, the higher the perceived benefits.

Venkatesh et al. (2003) showed that image played a significant role in individual adoption settings. Anecdotal evidence from informal discussions with young employees indicates that social influence is likely to impact behavioral intention, as using a privately-owned device could also result in benefits to an individual’s image or status. Image (PB-I) is defined as “the degree to which use of an innovation is perceived to enhance one’s image or status in one’s social system” (Moore and Benbasat 1991, p.195). Using a trendy consumer product (e.g. an iPhone) may enhance an individual’s self-perception and thus positively influence her/his benefit perceptions. In the context of school education, Hopkins et al. (2017) also find that subjective norms positively influence childrens intention to use their own devices. Hence, we propose that:

  • H2d:The more BYOD is perceived to enhance one’s image or status, the higher the perceived benefits.

4 Research Methodology

The research model was tested with a questionnaire distributed to international students in five different countries who were close to finishing their undergraduate degrees and already gathered practical work experience (e.g. through internships). Data was collected through an online survey and analyzed using structural equation modelling.

4.1 Instrument Development

To test the initial hypotheses, a questionnaire with a set of measurement items for each construct was developed. To safeguard measurement validity, the items used were adapted from prior research wherever possible. IS literature building on PRT and technology adoption research provides a valuable repository of previously tested items (Aldás-Manzano et al. 2009; Featherman and Pavlou 2003; Gewald and Dibbern 2009; Moore and Benbasat 1991; Venkatesh et al. 2003). To relate the items to the BYOD context, the wording of the existing items needed to be altered slightly. Due to the lack of existing perceptual items covering the characteristics of BYOD services, items for performance, privacy, security, and safety risk facets were developed. To improve the validity of the measurement model, newly-developed and adapted items were intensively discussed within the research team and knowledgeable scholars. In addition, the wording of the measurement items was evaluated by all contributing scholars to ensure all items are comprehensible in the distinct cultural contexts. A pre-test with students not participating in the study was conducted to ensure that the questions were clearly understandable and non-ambiguous. All items were measured on five-point Likert scales. Age, gender, university, major/course of studies and country of origin were included as control variables. The definitions of the constructs and the main sources are provided in Table 1, the items and their sources are listed in the appendix.

Table 1 Construct definitions and underlying literature

4.2 Data Collection and Sample

IT consumerization is particularly evident in the lives of most young people in the developed world (Carter et al. 2011) who were born into the digital age where technology such as smartphones, web-services, and social media is ubiquitous (Prensky 2001; Wakunuma and Stahl 2014). Members of this generation are frequently among the first to adopt IT-related innovations. This is particularly obvious in educational settings, where their expectations of technology are shaped (Miller et al. 2012). Following this argument, students (i.e., future employees) can be seen as drivers of IT consumerization. Informal discussions with practitioners show that particularly young professionals want to use their own devices as soon as they enter professional life. Understanding what drives young professionals’ decision to use privately-owned devices for private and work-related activities is of particular interest. Therefore, students in their last year of undergraduate studies with relevant work experience have been selected as the subjects in this study.

Data was collected from April to December 2013. To ensure a coherent set of responses and to limit the impact of external factors, undergraduate students from several European, Asian and American universities with comparable and ‘technology-affine’ majors (information systems, industrial engineering, and business administration) were chosen. A standardized questionnaire was distributed using an online survey tool among students. Professors of the research group asked undergraduate students in their last year, preferable ones which have completed an internship, to participate in the online survey. To reduce the probability of non-response bias during data collection, the professors regularly reminded their students to participate. Overall, 508 responses were collected. These responses were reviewed and 58 responses with missing values were deleted, leaving 476 valid responses. The demographics of sample are depicted in Table 2.

Table 2 Demographics of the Dataset (n = 476)

5 Data Analysis

We tested our model with PLS, a structural equation modelling method for complex predictive models and theory building (Barclay et al. 1995; Chin 1998b). PLS deems appropriate for this study for two main reasons (see e.g. Gefen et al. 2011). First, PLS is compatible with formative measurement and can model formative second-order constructs composed of first-order constructs (in our study: perceived risk and perceived benefits). Second, as laid out in the introduction, our study needs to be qualified as exploratory and PLS is suitable for exploratory research.

We used SmartPLS (Ringle et al. 2014) to estimate the model, utilizing the bootstrap re-sampling method (5000 samples) to determine the significance of the paths in the structural model.

A rule-of-thumb for PLS sample size suggests ten times the largest structural equation or the largest measurement equation (Barclay et al. 1995; Gefen et al. 2000). In this study, the largest structural equation is the perceived risk construct, with five paths in the measurement model. Thus, the sample size exceeds the minimum suggested sample size of 50 responses.

We also examined whether common method bias was a concern for our data using two common method variance (CMV) tests (Lindell and Whitney 2001; Podsakoff et al. 2003). First, we conducted an explanatory factor analysis of all items, which extracted seven factors explaining more than two thirds of the variance, with no single factor accounting for significant loading (at the p < 0.1 level) for all items included in this study. Additionally, the second-smallest positive correlation among the manifest variables was used as a conservative estimate for CMV. After adjustment, all significant correlations remained significant. Therefore, CMV is not considered a concern for our study.

5.1 Measurement Model Assessment

Our measurement model contains some constructs measured with only two items (BI, PR-FI, PR-PE, and PR-SA). Though it is favorable to measure latent factors using three items or more, it is possible to retain a factor with only two items when those two items are highly correlated (r > 0.7) and relatively uncorrelated with other variables (Worthington and Whittaker 2006; Yong and Pearce 2013). Assessment of the indicator correlation matrix reveals that all items are highly correlated (r > 0.7) and relatively uncorrelated with items of other variables.

To test convergent validity of the measurement model, we also applied following criteria (Gefen and Straub 2005; Hulland 1999): First, the loadings of all items are all significant and above 0.7. Second, the Composite Reliability (CR) scores of all constructs are above 0.7. Finally, the Average Variance Extracted (AVE) of all constructs is above the threshold value of 0.5. All values are depicted in Table 3.

Table 3 Descriptive statistics, item loadings, and constructs’ AVE and CR

Discriminant validity was established by ensuring that the square root of AVE for each construct exceeded the correlations between that construct and any other construct (Table 4).

Table 4 Inter-construct correlation matrix, square root of AVE shown in bold

We modelled perceived risk and perceived benefit as formative second-order construct, and followed the hybrid two-step approach proposed by Ciavolino and Nitti (2013) to examine these two constructs. First, the measurement model of all constructs, including the reflective first-order constructs, was analyzed using the repeated indicator approach. Second, the factor scores of the first-order constructs were applied as formative indicators for the second-order construct to test the structural model. Here we first assessed collinearity of indicators (represented by factor scores) by examining variance inflation factor (VIF) and tolerance value for each indicator. Our results show that no indicators have a tolerance value below 0.20 or a VIF value above 5, indicating that collinearity is not an issue. We then examined the weights of each indicator (see results in Table 5). Based on the results, perceived performance risk and perceived safety risk are positively related to perceived risk, supporting H1a and H1e. Likewise, performance expectations, ease of use expectancy and compatibility are positively related to perceived benefit, supporting H2a, H2b and H2c.

Table 5 Indicator weights

5.2 Ex-Post Analysis of Sample Homogeneity

Since our data is from multiple countries, the assumption of a single homogeneous population may not hold. In order to test whether an aggregate analysis of our multinational data sample is robust and if there are significant differences between sub-samples causing misleading results, we conducted FIMIX-PLS analysis following Ringle et al. (2010). FIMIX-PLS analysis assumes that heterogeneity is concentrated in the inner model relationships and simultaneously estimates the model parameters and ascertains the heterogeneity of the data structure within a PLS path modelling framework. We ran FIMIX-PLS for different segments. Table 6 shows the segment-specific information and classification criteria for different segments (K), and Table 7 shows the percentage of each segment with different K value.

Table 6 Information and classification criteria for varying K
Table 7 Segment sizes for different numbers of segments

We applied classification criteria such as the Akaike information criterion (AIC), the Bayes information criterion (BIC) and the consistent AIC (CAIC). These criteria are scaled so that lower values represent a better fit (e.g., higher explanatory power). BIC and CAIC reached the lowest level with the three-segment solution. Though, the AIC is lowest with the four-segment-solution, the difference to the three-segment-solution is marginal. We then examined the normed entropy statistic (EN) (Ramaswamy et al. 1993), which is used to analyze whether FIMIX-PLS results produce well-separated clusters. The entropy criterion is of critical for assessing whether a FIMIX-PLS solution is interpretable or not (Ringle et al. 2010). Values above 0.50 indicate well separated, unambiguous class memberships. Here the EN of the three-segment solution is considerable below the threshold, indicating non-meaningful segmentation. In fact, the EN is below 0.50 for all solutions. Overall, the results of FIMIX-PLS analysis indicate that there is only a small risk that the results on the multinational level of our dataset are affected by unobserved heterogeneity in the inner path model estimates. As such, the whole sample can be regarded as rather homogeneous.

5.3 Structural Model Assessment

We examined the structural model with path coefficients and R2 measures (Gefen et al. 2000). Path coefficients indicate the strength and significance of relationships between constructs, and R2 measures the percentage of the variance in the dependent variable explained by the independent variables. As shown in Fig. 2, the independent variables account for almost 50% of the variance in behavior al intention, which can be considered as moderately good (Chin 1998a).

Fig. 2
figure 2

PLS structural model results

Furthermore, the effect size of each path in the SEM was evaluated by means of Cohen’s f2 (Cohen 1988). The effect size measures whether an independent latent variable has a substantial impact on a dependent latent variable. Table 8 provides an overview of the path-coefficients and effect sizes of the exogenous variables.

Table 8 Results of PLS path analysis

Additionally, we calculated the Stone-Geisser Criterion (Q2) for all latent variables to assess the predictive quality of the model (Geisser 1975; Stone 1974) following Chin (1998b). All reflective latent variables reveal estimation relevance with Q2 above 0; hence, the model shows good predictive relevance (Table 9).

Table 9 Results of the Stone-Geisser Test

6 Results

The structural model results are depicted in Fig. 2 below.

The results demonstrate that digital natives primarily consider the benefits and neglect the risks of participating in a BYOD program. Although the path between risks and intention is significant, the effect size of perceived risk is only marginal (ƒ2 = 0.013), indicating that perceived risk is of no relevance to the individual’s decision-making process. In contrast, perceived benefit has a large significant effect on behavioral intention, hence accounts for most of the variance in behavior al intention. Apart from the magnitude of effect, the direction of the influence of all dependent variables is as expected. Benefit expectations positively influence behavior al intention, whereby perceived risk inhibits the dual use of privately-owned devices. Subsequently, while our results provide support for H2, H1 is not supported.

The formative conceptualization of perceived risk and perceived benefits proposed in this study allows us to evaluate the relative impact of each risk facet instead of treating benefits and risks as a black-box. In contrast to our expectations, only performance and safety risk contribute significantly to overall risk perceptions, providing support for H1a and H1e. The effect of security risk is not significant. Although it is neither significant nor is the magnitude considerable, the direction of the effect privacy risk on overall perceived risk is not as expected. Last not least, though significant, the contribution of financial risk on the overall risk perceptions approaches zero. Subsequently, H1b, H1c, and H1d cannot be supported. Considering the dimensions of perceived benefits, our expectations hold true except regarding the effect of image on perceived benefit. The contribution of image to the formation of perceived benefit is neither significant nor of meaningful magnitude, leading us to conclude that there is no support for H2d. However, as we will outline in the limitations section below, this effect is subject to further research. While performance expectations were found to primarily form benefits perceptions (H2a), H2b and H2c can be also supported.

7 Discussion

Our findings show that perceived benefits and perceived risks indeed play important roles in the individual’s cognitive formation of behavioral intention towards BYOD adoption. Although the impact of the risks perceived is statistically significant, it is of relatively low importance for the cognitive formation of behavioral intention in the context of this study. Nonetheless, the analysis of the risk formation gives deeper insights into the specific determinants of the behavioral intentions of the digital natives.

Out of the five facets suggested by perceived risk theory, only performance risk and safety risk showed substantial effects in our model. These two types of risk have direct negative impacts on the individual if they manifest. Performance risk will slow the individual down or hinder her work efforts while safety risk has a direct negative impact on the individual’s health and well-being. The remaining risk facets are statistically unimportant in deciding whether to participate in a BYOD program.

Financial risk is likely to be not important in a BYOD setting, in contrast to other financial models like WSYD where the user actually carries a financial responsibility. In a pure BYOD setting the user is only marginally affected by a financial risk as she/he does not enter an obligation to provide a specific service. If the device does not work as expected she simply does not use it. The BYOD setting is per se voluntary.

Privacy risk also showed to have only a minimal effect. This risk is divided into two parts which need to be addressed separately: (1) Employers access to employee’s data: Digital natives in general seem to be more relax with their data. Anecdotal evidence underlines that there seems to be a widespread line of thought that “nobody is interested in my data anyway” and “if I don’t do anything wrong, I have nothing to hide”. As a result, they seem not to be afraid of their employers investigating their private data. (2) Losing private data when losing the BYOD device (remote delete): The absence of this risk may be explained with two arguments. One, as the BYOD device is in fact a privately-owned device, the risk of losing it is the same in a business context as in a private context. It is in fact the risk of losing your phone or tablet PC. Therefore, the respondent does not face a specific BYOD-related risk and does not value it as such. In addition, contemporary devices store most relevant data in a cloud solution which makes it easy to restore after loss. Thus, this risk does not carry a measurable negative impact.

The case of the -virtually non-existent- impact of security risk is assumed to be connected to the specific egocentric disposition of digital natives (the so called ‘Generation Me‘ in (Twenge 2007)). Twenge empirically shows that there is a rise of individualistic and narcissist traits within the digital natives. Narcissism is, for instance, strongly linked to overconfidence and unrealistic risk taking (Foster et al. 2009; Twenge et al. 2008). Furthermore, narcissism is commonly related to benefits to the individual that are primarily affective and mostly short term orientated, whereas the cost of narcissism is usually borne by others (Campbell and Buffardi 2008). This trait offers a possible explanation for the weak effect of security risk as this is a primary example where a negative outcome is carried by others. Getting viruses or malware into the corporate network is of almost no effect to the single user but creates a lot of work for the corporate IT department.

Summarizing the discussion of the effects of perceived risks in the light of the arguments put forward on the cognitive disposition of digital natives it becomes obvious why only safety and performance risk contribute to the formation of perceived risk. Only these risk facets comprise potential negative outcomes which have to be borne immediately and solely by the risk-taker.

This argument gains even more in weight when the perceived benefits come into play. Here almost all benefits are significant and show good factor loadings. Only gains in image/status show no effect which can be explained with the social desirability response set (Barton 1958) which claims that respondents have the tendency to answer in a way that the interviewer (or questionnaire) sees them in a positive light. Respondents are therefore likely not to acknowledge that they do anything for a gain in image or status as “good citizens” are behaving rational and do not fall for status.

All together our results shed light on a typical generation-me-behavior regarding the BYOD intentions of digital natives. They want all the benefits and neglect all risks which do not directly affect them.

8 Implications

8.1 Implications for Theory

Generally, individuals show different determinants towards behavioral intentions depending on their respective cultural heritage (Kirkman et al. 2006). Our results indicate that in some contexts this may not be the case. For this study, we selected respondents in the same field of study and age group, thus capturing the cognitive determination of a set of digital natives. Although we did extensive tests over multiple control variables, the sample of 476 participants from more than five different nationalities and an unknown number of individual cultural heritages, the response set did not reveal heterogeneous clusters. Therefore, we can conclude that the determinants of behavioral intention towards corporate BYOD programs are shared by digital natives regardless of their nationalities and cultural backgrounds. This largely contradicts previous research which is generally guided by the assumption that culture plays an important role in decision-making in general. Most prominently the work of Hofstede (2003) forms the basis for the assessment of the impact of culture on decision making (Kirkman et al. 2006). Here we see that digital natives share a common set of values which is valid spanning cultural differences. As such one could argue that being a “digital native” is a cultural value in its own respect. Although we need to acknowledge that more research needs to be done on this issue, it is a valuable theoretical insight with implications specifically for cross-cultural research.

The second implication for theory relates to the risk perceptions of digital natives. Although perceived risk theory has been around for a long time and has been successfully applied to IT adoption, our study indicates that digital natives do not fall into the classical (and the IT-adapted) perceived risk categories. Researchers need to be aware that ‘Generation Me’ (as referred to by Twenge) is characterized by strong individualistic and narcissist traits (Twenge 2007) which most likely impact their risk taking and acceptance behavior. Traditional models based on PRT should therefore be adapted when applied to research digital natives. Although more research is necessary in this context, people belonging to the group of digital natives appear to classify risk broadly into risks that affects them and risks that affect others, whereby the latter plays a less significant role in their decision-making process. Hence, adapted models for risk analysis are necessary in these research settings.

8.2 Implications for Practice

It is evident that an upcoming generation of employees will be supportive towards corporate BYOD programs. These young people see the potential benefits and want to exploit them. However, there are dangers in terms of risk, because digital natives tend to focus on the benefits and largely neglect the risks, especially the risks borne by the company.

Digital natives have been characterized as having strong individualistic and narcissist traits (Twenge 2007). They focus on their personal benefits and their personal risks. Particularly narcissist traits is related to benefits to the individual that are primarily affective and mostly short term orientated, whereas the cost of narcissism is usually borne by others (Campbell and Buffardi 2008). This implies that they largely ignore risks resulting from their actions which do not affect them directly and do not feel the need to carry the burden. This has implications we saw in our study, for example in the construct ‘Security Risk’. It is much more difficult to keep private devices IT-secure because users can install software at will. If such software proves dangerous to the corporate network, this could cause massive harm. Although the risk is real and every user knows about it, our study indicates that respondents do not consider it significant in terms of their intention to use privately-owned devices in a corporate environment. It is possible that respondents believe that the company, and not they themselves, will be have to solve any problems caused by dangerous software entering the system through their private devices. In a nutshell: the individual reaps the benefits of using her/his own device and the company solves the problem if something goes wrong.

This has two implications for corporate IT managers. First, you cannot stop it, BYOD will come - if not as a structured program, then as a shadow IT. Therefore, a structured program is likely to be the better choice. Second, understand that users do not care much about the risk they put the company in, so additional safeguards are needed for the IT-security department, users must be informed about the consequences of their actions, and trainings and policies must be instituted before damage is done.

8.3 Limitations and Further Research

The observations made in this study are subject to the caveat of the restricted number of participants. Although 476 students responded, this is by no means a representative figure nor is the construction of the sample representatives for the overall population of digital natives. Additionally, only a limited number of countries was included in the study, therefore no generalization of the results towards different nationalities can be derived. The field of study of the participants was not chosen randomly. We specifically targeted students which are expected to have a certain affinity towards IT and mobile devices. Including a broader set of studies (e.g., philosophy, fine arts, and sports) might have shown differing results.

Furthermore, the measurement model developed in this study contains certain limitations. Some constructs have been measured using only two indicators which increases the probability of estimation errors. Although the sample size is large enough to put this problem into perspective, and the assessment of the indicator correlation matrix indicates sufficient reliability of these factors, future research should extend the set of measurement items. Moreover, only the items PB-I1, PB-I2, and PB-I3 do not ask the respondents personally (e.g., using a BYOD program fits into my working style), but relate to “People participating in BYOD”. This might provide some explanation why the sub-dimension image does not have a strong effect on the formation of perceived benefits. Further research should focus on this relationship by comparing the items used here and other items as provided by prior research.

Another route for further research would be to dig deeper into the cross-cultural analysis. Although our multi-national data set does not show significant heterogeneity, it might be worth looking at this in more detail with specific attention given to the respective workplace culture. In this respect, it also needs to be noted that our study included only the nationality of the respondent to identify the answering person’s cultural backgrounds. Deeper analysis of the cultural differences in perceptions towards BYOD could provide interesting insights into the decision-making process of individuals.

Another interesting route for research would be to compare our results from the digital natives group to results taken from a generation before, i.e. non-digital natives. A comparison of these groups could shed more light on the intrinsic motivators of our future employees and how they match up against current employees.

9 Conclusion

Our results are closely aligned with the ethnographic description of digital natives of Twenge (2014). Our data confirms that so-called digital natives in fact focus on their own benefit very much and neglect the risks their actions incur on other people and organizations as long as they are not affected themselves. These findings have important implications for theory and practice. The most important probably being that corporate IT departments all over the world need to get ready for digital natives who are big risk takers when it comes to their personal advantage. Although more research is necessary in this context, people belonging to digital natives appear to classify risk broadly into risks that affects them and risks that affect others, whereby the latter play a less significant role in their decision-making process. Hence, adapted models for risk analysis are necessary in these research settings.