IDEAS home Printed from https://ideas.repec.org/a/eee/teinso/v76y2024ics0160791x23002543.html
   My bibliography  Save this article

Enhancing cybersecurity capability investments: Evidence from an experiment

Author

Listed:
  • Pigola, Angélica
  • Da Costa, Priscila Rezende
  • Ferasso, Marcos
  • Cavalcanti da Silva, Luís Fabio

Abstract

In recent years, investments in cybersecurity capabilities (CC) have emerged as an essential practice in reducing cyberattacks and optimizing the usage of technologies. Therefore, optimal investments in capabilities must be determined according to the cybersecurity scenario of firms. This experiment pursues an understanding of the effectiveness of the iterative learning process in investments in CC. Through a simulator game, experienced and inexperienced participants overcome challenges related to uncertainties of cyber incidents to decision-making in cybersecurity capability investments. The collected data were empirically tested from 119 participants analyzing 3,808 simulation runs. The findings demonstrated that there is a slight difference in the learning curve between the two groups even if they learn proactively and iteratively. However, experienced, and inexperienced groups did not demonstrate enough capacity to analyze the cybersecurity ecosystems designed in the simulator game to mitigate cyber incidents. Both groups exhibited similar results regarding gaps to invest in CC to address uncertainties associated with cyber threats. In this sense, this experiment highlights the relevance of learning about CC investments in any context to avoid resource losses and time to uncover the complexities related to incident responses.

Suggested Citation

  • Pigola, Angélica & Da Costa, Priscila Rezende & Ferasso, Marcos & Cavalcanti da Silva, Luís Fabio, 2024. "Enhancing cybersecurity capability investments: Evidence from an experiment," Technology in Society, Elsevier, vol. 76(C).
    • Handle: RePEc:eee:teinso:v:76:y:2024:i:c:s0160791x23002543
    DOI: 10.1016/j.techsoc.2023.102449
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0160791X23002543
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.techsoc.2023.102449?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Raphael Amit & Paul J. H. Schoemaker, 1993. "Abstract," Strategic Management Journal, Wiley Blackwell, vol. 14(1), pages 33-46, January.
    2. David J. Teece & Gary Pisano & Amy Shuen, 1997. "Dynamic capabilities and strategic management," Strategic Management Journal, Wiley Blackwell, vol. 18(7), pages 509-533, August.
    3. Demek, Kristina C. & Kaplan, Steven E., 2023. "Cybersecurity breaches and investors’ interest in the firm as an investment," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    4. Chatterjee, Samrat & Thekdi, Shital, 2020. "An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    5. Kathleen M. Eisenhardt & Jeffrey A. Martin, 2000. "Dynamic capabilities: what are they?," Strategic Management Journal, Wiley Blackwell, vol. 21(10‐11), pages 1105-1121, October.
    6. Naseer, Ayesha & Naseer, Humza & Ahmad, Atif & Maynard, Sean B. & Masood Siddiqui, Adil, 2021. "Real-time analytics, incident response process agility and enterprise cybersecurity performance: A contingent resource-based analysis," International Journal of Information Management, Elsevier, vol. 59(C).
    7. Dukerich, Janet M. & Nichols, Mary Lippitt, 1991. "Causal information search in managerial decision making," Organizational Behavior and Human Decision Processes, Elsevier, vol. 50(1), pages 106-122, October.
    8. Abdul Molok, Nurul Nuha & Ahmad, Atif & Chang, Shanton, 2018. "A case analysis of securing organisations against information leakage through online social networking," International Journal of Information Management, Elsevier, vol. 43(C), pages 351-356.
    9. Michael Workman, 2008. "Wisecrackers: A theory‐grounded investigation of phishing and pretext social engineering threats to information security," Journal of the American Society for Information Science and Technology, Association for Information Science & Technology, vol. 59(4), pages 662-674, February.
    10. Benz, Michael & Chatterjee, Dave, 2020. "Calculated risk? A cybersecurity evaluation tool for SMEs," Business Horizons, Elsevier, vol. 63(4), pages 531-540.
    11. S Robinson, 2008. "Conceptual modelling for simulation Part II: a framework for conceptual modelling," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 59(3), pages 291-304, March.
    12. S Robinson, 2008. "Conceptual modelling for simulation Part I: definition and requirements," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 59(3), pages 278-290, March.
    13. Craig W. Fisher & InduShobha Chengalur-Smith & Donald P. Ballou, 2003. "The Impact of Experience and Time on the Use of Data Quality Information in Decision Making," Information Systems Research, INFORMS, vol. 14(2), pages 170-188, June.
    14. Hazhir Rahmandad, 2012. "Impact of Growth Opportunities and Competition on Firm-Level Capability Development Trade-offs," Organization Science, INFORMS, vol. 23(1), pages 138-154, February.
    15. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    16. John D’Arcy & Idris Adjerid & Corey M. Angst & Ante Glavas, 2020. "Too Good to Be True: Firm Social Performance and the Risk of Data Breach," Information Systems Research, INFORMS, vol. 31(4), pages 1200-1223, December.
    17. David J. Teece, 2007. "Explicating dynamic capabilities: the nature and microfoundations of (sustainable) enterprise performance," Strategic Management Journal, Wiley Blackwell, vol. 28(13), pages 1319-1350, December.
    18. Maurizio Zollo & Sidney G. Winter, 2002. "Deliberate Learning and the Evolution of Dynamic Capabilities," Organization Science, INFORMS, vol. 13(3), pages 339-351, June.
    19. Miles M. Yang & Hong Jiang & Michael Shayne Gary, 2016. "Challenging learning goals improve performance in dynamically complex microworld simulations," System Dynamics Review, System Dynamics Society, vol. 32(3-4), pages 204-232, July.
    20. Adhirath Kapoor & Ankur Gupta & Rajesh Gupta & Sudeep Tanwar & Gulshan Sharma & Innocent E. Davidson, 2021. "Ransomware Detection, Avoidance, and Mitigation Scheme: A Review and Future Directions," Sustainability, MDPI, vol. 14(1), pages 1-24, December.
    21. Tesleem Fagade & Konstantinos Maraslis & Theo Tryfonas, 2017. "Towards effective cybersecurity resource allocation: the Monte Carlo predictive modelling approach," International Journal of Critical Infrastructures, Inderscience Enterprises Ltd, vol. 13(2/3), pages 152-167.
    22. Shaker A. Zahra & Harry J. Sapienza & Per Davidsson, 2006. "Entrepreneurship and Dynamic Capabilities: A Review, Model and Research Agenda," Journal of Management Studies, Wiley Blackwell, vol. 43(4), pages 917-955, June.
    23. Paese, Paul W. & Sniezek, Janet A., 1991. "Influences on the appropriateness of confidence in judgment: Practice, effort, information, and decision-making," Organizational Behavior and Human Decision Processes, Elsevier, vol. 48(1), pages 100-130, February.
    24. Feng Xu & Xin (Robert) Luo & Hongyun Zhang & Shan Liu & Wei (Wayne) Huang, 2019. "Do Strategy and Timing in IT Security Investments Matter? An Empirical Investigation of the Alignment Effect," Information Systems Frontiers, Springer, vol. 21(5), pages 1069-1083, October.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gliga, Gabriela & Evers, Natasha, 2023. "Marketing capability development through networking – An entrepreneurial marketing perspective," Journal of Business Research, Elsevier, vol. 156(C).
    2. Quan Anh Nguyen & Gillian Sullivan Mort, 0. "Conceptualising organisational-level and microfoundational capabilities: an integrated view of born-globals’ internationalisation," International Entrepreneurship and Management Journal, Springer, vol. 0, pages 1-23.
    3. Amandine Maus & Sylvie Sammut, 2018. "Business model innovation in incubators: the role played by dynamic capabilities theory," Post-Print hal-02466175, HAL.
    4. Jasna Prester, 2023. "Operating and Dynamic Capabilities and Their Impact on Operating and Business Performance," Sustainability, MDPI, vol. 15(20), pages 1-24, October.
    5. Anja Schulze & Stefano Brusoni, 2022. "How dynamic capabilities change ordinary capabilities: Reconnecting attention control and problem‐solving," Strategic Management Journal, Wiley Blackwell, vol. 43(12), pages 2447-2477, December.
    6. Kindström, Daniel & Kowalkowski, Christian & Sandberg, Erik, 2013. "Enabling service innovation: A dynamic capabilities approach," Journal of Business Research, Elsevier, vol. 66(8), pages 1063-1073.
    7. Hafeez, Salima & Rana, Asif Mehmood & Chaudhry, Rashid Mehmood & Khan, Muhammad Aslam & Ahmad, H.Mushtaq & Rehman, Kashif Ur, 2011. "Perspectives of entrepreneurial orientation with the quality of life," MPRA Paper 53860, University Library of Munich, Germany.
    8. Schriber, Svante & Löwstedt, Jan, 2015. "Tangible resources and the development of organizational capabilities," Scandinavian Journal of Management, Elsevier, vol. 31(1), pages 54-68.
    9. Richard Arend, 2013. "Ethics-focused dynamic capabilities: a small business perspective," Small Business Economics, Springer, vol. 41(1), pages 1-24, June.
    10. Cleverton Rodrigues Fernandes & André Gustavo Carvalho Machado, 2019. "Technology Transfer Capability: development dynamics in higher education institutions," Brazilian Business Review, Fucape Business School, vol. 16(1), pages 1-15, January.
    11. Lin, Yini & Wu, Lei-Yu, 2014. "Exploring the role of dynamic capabilities in firm performance under the resource-based view framework," Journal of Business Research, Elsevier, vol. 67(3), pages 407-413.
    12. Jean D. Kabongo & Olivier Boiral, 2017. "Doing More with Less: Building Dynamic Capabilities for Eco‐Efficiency," Business Strategy and the Environment, Wiley Blackwell, vol. 26(7), pages 956-971, November.
    13. Xiaoming He & Yaqun Yi & Zelong Wei, 2019. "New product development capabilities in China: the moderating role of TMT cooperative behavior," Asian Business & Management, Palgrave Macmillan, vol. 18(2), pages 73-97, April.
    14. Simone Sehnem & Adriane A. Farias S. L. de Queiroz & Susana Carla Farias Pereira & Gabriel dos Santos Correia & Edson Kuzma, 2022. "Circular economy and innovation: A look from the perspective of organizational capabilities," Business Strategy and the Environment, Wiley Blackwell, vol. 31(1), pages 236-250, January.
    15. Wolfgang H. Güttel & Stefan Konlechner & Barbara Müller, 2012. "Entscheidungsmuster und Veränderungsarchitekturen in Wandelprozessen: Eine Dynamic Capabilities-Perspektive," Schmalenbach Journal of Business Research, Springer, vol. 64(6), pages 630-654, September.
    16. Liliya Oxtorp, 2014. "Dynamic managerial capability of technology-based international new ventures—a basis for their long-term competitive advantage," Journal of International Entrepreneurship, Springer, vol. 12(4), pages 389-420, December.
    17. Hwan Jin Kim, 2018. "Reconciling Entrepreneurial Orientation and Dynamic Capabilities: A Strategic Entrepreneurship Perspective," Journal of Entrepreneurship and Innovation in Emerging Economies, Entrepreneurship Development Institute of India, vol. 27(2), pages 180-208, September.
    18. Pinho, José Carlos & Prange, Christiane, 2016. "The effect of social networks and dynamic internationalization capabilities on international performance," Journal of World Business, Elsevier, vol. 51(3), pages 391-403.
    19. Claudia D’Annunzio & Mariela Carattoli & Dolores Dupleix, 2015. "Dynamic Capabilities Associated with a Firm’s Growth in Developing Countries. A Comparative Study of Argentinean SMEs in the Software and Tourism Industries," Journal of Entrepreneurship, Management and Innovation, Fundacja Upowszechniająca Wiedzę i Naukę "Cognitione", vol. 11(4), pages 25-62.
    20. Keonhyeong Lee & Liyuan Wang, 2023. "Chinese High-Tech Export Performance: Effects of Intellectual Capital Mediated by Dynamic and Risk Management Capabilities," SAGE Open, , vol. 13(1), pages 21582440231, February.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:teinso:v:76:y:2024:i:c:s0160791x23002543. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/technology-in-society .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.