Scholars in social psychology and criminology have long argued that deviance is a group phenomenon. Based on the collective deviance literature, we aim to investigate the mechanisms behind deviant behaviors among people in groups, uncovering reasons for collective deviance within organizations. We are performing case studies among work groups (teams and departments) that commit deviances by interviewing employees and managers from those groups. Preliminary findings suggest that several deviances are committed by workgroups and, in most cases, the group’s members are aware they are violating security policies, although their intention is to increase work performance. Furthermore, in some cases, the IT department knows about the deviance, but do not take action to try solving the issue. Understanding employees’ behavior toward collective deviance can aid to cope with IS policy violations, providing new insights into policies development and strategies to mitigate such behaviors and increase information security.