Long before a hacker ever touches a keyboard, their personal moral outlook helps predict whether they will use their skills in ethical or unethical ways, according to new research led by the University at Buffalo School of Management. Published in Technology in Society, the study found that students drawn to legitimate, authorized cybersecurity work also tend to be attracted to its illegal side, a pattern the authors warn could quietly erode ethical boundaries in the profession.

"As people refine their hacking skills in authorized settings, those actions can become routine, gradually blurring the line between legitimate and illegitimate use—a phenomenon known as ethical fading," said study co-author Lawrence Sanders, Ph.D., professor emeritus of management science and systems in the UB School of Management. "Pressures such as peer norms that excuse shortcuts, along with a psychological tendency to feel that past good behavior justifies future lapses, can slowly push cybersecurity experts toward illegal hacking."

The researchers surveyed more than 500 undergraduate college students to measure their ethical orientation, interest in different types of hacking and how they think about right and wrong. To determine each student's beliefs and interests, the results were analyzed using a technique called partial least squares structural equation modeling, which finds patterns in responses across multiple questions.