This study examines a new construct—IT Assimilation—that is pertinent to the discourse on information security. We define IT Assimilation as the incorporation of enterprise IT into an individual’s IT repertoire, and then use a multi-phase methodological approach to develop and test our construct. Our findings provide valuable insights about transferring IT behaviors and potential takeaways for researchers and practitioners in cybersecurity.