Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources

Cavusoglu, Huseyin; Cavusoglu, Hasan; Son, Jai-Yeol; Benbasat, Izak

doi:10.1016/j.im.2014.12.004

Cited by 82 publications

(67 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Normative pressure comes mainly from the norms and values established in the community and among consumers, or professional working conditions and methods defined by a specific industry (DiMaggio & Powell, 1983). As one form of societal legalization, the behavior of each firm is restricted by norms, standards and expectations of external stakeholders (Cavusoglu, Cavusoglu, Son, & Benbasat, 2015). Even without compulsory and punitive functions of laws and systems, normative pressure still has a bearing on a firm's environmental innovation.…”

Section: Normative Pressure and Environmental Innovationmentioning

confidence: 99%

Institutional pressure, knowledge acquisition and a firm's environmental innovation

2018

View full text Add to dashboard Cite

Based on institution theory, resource‐based theory and innovation theory, this study proposes a framework to investigate how institutional pressure affects environmental innovation through the mediating role of knowledge acquisition. In total, 263 firms in the Chinese manufacturing industry were selected as the research sample, and a structural equation model was used to examine the mediating role of knowledge acquisition between regulative pressure, normative pressure, cognitive pressure and the firm's environmental innovation. The results showed that regulative pressure and normative pressure had positive effects on the firm's environmental innovation, whereas the effect of cognitive pressure was not significant. In addition, knowledge acquisition positively promoted environmental innovation, and played a mediating role between regulative pressure, normative pressure and environmental innovation. Finally, this paper provides suggestions for government policy‐makers and managers to promote environmental innovation.

show abstract

Section: Normative Pressure and Environmental Innovationmentioning

confidence: 99%

Institutional pressure, knowledge acquisition and a firm's environmental innovation

2018

View full text Add to dashboard Cite

show abstract

“…Strategic management and organizational science literature shows that differences in configurations of organizational resources and capabilities explain much of the heterogeneity in organizational performance [28][29][30]; however, achieving optimal configurations of resources and capabilities is a complex task in which not all organizations succeed [31][32][33]. Similarly, configuration of cybersecurity capabilities is inextricably tied to organizational performance, and evidence shows that major variations in the configuration of cybersecurity resources exist from company to company [34].…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Jalali

Siegel

Madnick

2019

The Journal of Strategic Information Systems

View full text Add to dashboard Cite

We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity. development. albeit inadvertently-introduce new, more subtle vulnerabilities. Research also suggests that attackers in cyberspace are not only rational and motivated by economic incentives [6], but also act strategically in identifying targets and approaches [7]-in other words, "The good guys are getting better, but the bad guys are getting badder faster" [8]. Perhaps there was a time a decade ago when cybersecurity was only a matter of "if" an organization was going to be compromised, but today it has become a question of "when," and "at what level."Despite the proliferation of cyberattack capabilities and their potential implications, many organizations still perform poorly with respect to cybersecurity management. These companies ignore or underestimate cyber risks, or rely solely on generic off-the-shelf cybersecurity solutions. A mere 19% of chief information security officers (CISOs) are confident that their companies can effectively address a cybersecurity incident [9]. In May 2017, the WannaCry ransomware attack-a type of malware that blocks access to computer systems until a ransom is paid-affected companies worldwide, even though a patch for the exploited Windows vulnerabilities had been made available by Microsoft months earlier in March 2017 [10]. As data grows in size and value, the increase of cyber risks and escalation of privacy concerns demand that managers improve their approach to cybersecurity capability development-interventions to build such capabilities typically include improvements to technology already in place, in addition to the purchase of new technology, talent acquisition, and training, among other activities. Research objective and approachThe importance of being proactive in cybersecurity capability development is well understoodit is more cost effective than taking a reactionary approach and reduces failure rates [11].Although many executives and decision-makers are becoming aware of the significance of cybersecurity, a major question remains unanswered: Are experienced managers more proactive than inexperienced individuals in building cybersecurity capabilities? F...

show abstract

“…Similarly, configuration of cybersecurity capabilities is inextricably tied to organizational performance, and evidence shows that major variations in the configuration of cybersecurity resources exist from company to company [34].…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

Abstract:We developed a simulation game to study how well decision makers understand two fundamental aspects of complexity in cybersecurity: potential delays in building capabilities, and uncertainties in predicting cyber-incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals to an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects. Both groups also exhibited similar errors when dealing with the uncertainty of cyber-incidents. Our findings highlight the importance of training for decision-makers, and lay the groundwork for future research in uncovering mental biases about the complexities of cybersecurity.

show abstract

Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources

Cited by 82 publications

References 37 publications

Institutional pressure, knowledge acquisition and a firm's environmental innovation

Institutional pressure, knowledge acquisition and a firm's environmental innovation

Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Contact Info

Product

Resources

About