Studying the tension between digital innovation and cybersecurity

With increasing economic pressures and exponential growth in technological innovations, companies are increasingly relying on digital technologies for innovation and value creation. But, with increasing levels of cybersecurity breaches, the trustworthiness of many established and new technologies is of concern. Consequently, companies are aggressively increasing cybersecurity of their existing and new digital assets. Most companies have to deal with these priorities simultaneously which are frequently conflicting, and creating tensions. This paper introduces a framework for evaluating these risk/reward trade-offs. Through a survey and interviews, companies are positioned in different quadrants on an innovation/cybersecurity matrix overlaid with the negative impact of cybersecurity controls on the innovative projects. The paper analyzes the industry level, firm level, technology management, and technology maturity factors that affect these trade-offs. Finally, a set of recommendations is provided to help a company to evaluate its positioning on the matrix, understand the underlying factors, and how to better manage these trade-offs. Keywords: Cybersecurity, digital innovation, CIOs

Studying the Tension Between Digital Innovation and Cybersecurity

With increasing economic pressures and exponential growth in technological innovations, companies are increasingly relying on digital technologies for innovation and value creation. But, with increasing levels of cybersecurity breaches, the trustworthiness of many established and new technologies is of concern. Consequently, companies are aggressively increasing cybersecurity of their existing and new digital assets. Most companies have to deal with these priorities simultaneously which are frequently conflicting, and creating tensions. This paper introduces a framework for evaluating these risk/reward trade-offs. Through a survey and interviews, companies are positioned in different quadrants on an innovation/cybersecurity matrix overlaid with the negative impact of cybersecurity controls on the innovative projects. The paper analyzes the industry level, firm level, technology management, and technology maturity factors that affect these trade-offs. Finally, a set of recommendations is provided to help a company to evaluate its positioning on the matrix, understand the underlying factors, and how to better manage these trade-offs

Cyber Security vs. Digital Innovation: A Trade-off for Logistics Companies?

Digital innovations are essential for companies in the 21st century. However, due to their reliance on (new) technologies, they are associated with cybersecurity risks. As the reduction of these can negatively affect an organization’s innovation capability, a trade-off might result. This trade-off has, to our knowledge, not yet been sufficiently researched. Our paper contributes to closing this research gap using semi-structured interviews with 14 digital innovation and cybersecurity experts in the German logistics industry. Findings from these interviews suggest that there are different types of tensions between digital innovation and cybersecurity capabilities detrimentally influencing innovations in three ways: by slowing down (temporally), requiring more resources (economically), or restricting innovative freedom (functionally). Furthermore, we were able to identify triggering and resolving factors. Thereby, our paper offers valuable contributions from both a theoretical as well as practical perspective

Balancing Digital Innovation and Cybersecurity Capabilities through Organizational Ambidexterity – An Investigation in the Automotive Industry

An organization’s digital innovation capability, i.e., its ability to leverage (technological) trends and developments, is not only associated with opportunities but also entails challenges and risks. Various incidents underline the importance of cybersecurity in this context. While organizations in the automotive industry have recognized both as inevitable, they perceive a trade-off between their innovation and cybersecurity capabilities. As digital innovations are often prestigious, they might prioritize factors like time-to-market and postpone cybersecurity to development and operations. To identify factors enabling organizations to balance the ambidextrous requirements of the two, we conducted an interview study in the automotive industry. Our findings indicate that organizational ambidexterity enabled by strategic and operational elements can minimize the trade-off and the associated risks, with implications for both theory and practice

The Impact of Cybersecurity and Innovation on Mobility Technology Acceptance

Not only in the mobility industry, innovative digital technologies are associated with opportunities but also pose risks in terms of cybersecurity. Consumers’ perception of a technology might thereby be impacted by their personal affinity to innovation and cybersecurity risk, affecting the attitude towards using. We developed an empirical model based on Davis’ Technology Acceptance Model (TAM) to analyze this impact in an online survey (n= 260). While both innovation and cybersecurity have an effect on attitude towards using, consumers do not perceive a direct tension between the two. Our study does thereby make both theoretical and practical contributions. On the one hand, we propose an extended TAM model that can easily be applied to further industries and digital technologies. On the other, we derive recommendations for the mobility industry, e.g., how to ease negative effects of cybersecurity risk perception, and increase customers’ attitude toward using

The Impact of the Organizational Design of Innovation Units on the Consideration of Cybersecurity

Digital innovations are not only associated with opportunities for value creation but also lead to threats, for example, additional cybersecurity risks. Dealing with the conflicting requirements of innovations and cybersecurity can lead to a trade-off for organizations that companies setting up innovation units outside their core organization need to address. We conducted a cross-industry interview study to investigate the impact of organizational design of innovation units on the consideration of cybersecurity. Our results, embedded in Galbraith’s star model, reveal five types of innovation units and three patterns of organizational design that impact this consideration. The effect of these patterns ranges from an ill- or over-consideration to a cybersecurity-innovation equilibrium. Thereby, we extend the existing literature on the trade-off of innovation and cybersecurity by organizational design considerations regarding strategy, structure, and processes. This theoretical contribution has implications for the organizational design of innovation units in practice

Securing intellectual capital:an exploratory study in Australian universities

Purpose – To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.Design/methodology/approach – We gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. We conducted interviews with key stakeholders in Australian universities in order to validate these links.Findings – Our investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.Research implications – There is a need to acknowledge the different roles played by actors within the university, and the relevance of information security to IC-related preservation.Practical implications – Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.Originality/value – This is one of the first studies to explore the connections between data and information security and the three core components of IC’s knowledge security in the university context

Cybersecurity in the digital classroom:implications for emerging policy, pedagogy and practice

Recent cybersecurity education literature has focused on developments in cybersecurity curricula, qualifications and accreditation, pedagogy and practice to increase the number of cybersecurity professionals, in both the UK and internationally. There has been little research published to date on the online learning, teaching and assessment environment as a cyber target in its own right. This chapter appraised and discussed the dangers in, and emerging threats to, using online environments. It proposes a set of steps and mitigation measures that can be taken to make it more difficult for cybercriminals to attack educational institutions

Proposal of a method to support the implementation of vertical integration in the context of Industry 4.0

One of the fundamental principles of Industry 4.0 in the field of intelligent manufacturing is the implementation of vertical integration, that is, the integration of information systems at the different hierarchical levels of the company to provide data flow over time and support decisionmaking. However, the academic literature still needs to present empirical evidence on how vertical integration and the technologies that compose it can be implemented to contribute to the requirements of Industry 4.0. Although vertical integration is presented as a solution to the need for data visibility that Industry 4.0 requires, it is known that there are different ways to implement vertical integration that depend on the desired operational objectives and the characteristics of the companies. Therefore, the technological sets of vertical integration can have different ways of contributing to achieving greater visibility of production processes. This thesis aims to propose a methodology to support companies in the implementation of vertical integration that allows companies to advance in Industry 4.0. The study followed a mixed approach, combining qualitative and quantitative methods. In qualitative terms, the thesis presents a multi-case study of 10 leading manufacturing companies in implementing 4.0 technologies, aiming to understand the main factors that influence these companies in adopting information systems for vertical integration. Furthermore, a multi-case qualitative study in 3 buyer-supplier dyads to understand the implications of information asymmetry in MES purchasing allows vertical integration in Industry 4.0. On the other hand, in quantitative terms, the thesis presents a survey conducted with 132 companies in the machinery and equipment sector, through which the contribution of cybersecurity actions to vertical integration is analyzed, making it possible to achieve greater digital transformation. This thesis demonstrates that the implementation of vertical integration is challenging for companies due to its complexity and novelty but that the methodologies presented contribute to clarifying this implementation. Furthermore, it explores the limitations and nuances of these contributions in different situations. The main contribution of this study is to provide empirical evidence of methodologies that support companies in the implementation of vertical integration in the context of Industry 4.0.Um dos princípios fundamentais da Indústria 4.0 no domínio da manufatura inteligente é a implementação da integração vertical, ou seja, a integração dos sistemas de informação dos diferentes níveis hierárquicos da empresa para fornecer fluxo de dados no tempo e suporte à tomada de decisão. Contudo, a literatura acadêmica ainda não tem apresentado evidências empíricas sobre a forma como a integração vertical e as tecnologias que a compõe podem ser implementadas de maneira a contribuir com os requisitos da Indústria 4.0. Embora integração vertical seja apresentada como uma solução para necessidade de visibilidade de dados que a Indústria 4.0 requer, é sabido que existem diferentes caminhos para implementação da integração vertical que dependem dos objetivos operacionais almejados e das características das empresas. Portanto, os conjuntos tecnológicos da integração vertical podem ter diferentes formas de contribuição para alcançar uma maior visibilidade dos processos de produção. O objetivo desta tese é propor uma metodologia para suportar as empresas na implementação de integração vertical que permita que as empresas avancem na Indústria 4.0. O estudo seguiu uma abordagem mista, combinando métodos qualitativos e quantitativo. Em termos qualitativos, a tese apresenta um estudo multicasos em 10 empresas de manufatura líderes na implantação de tecnologias 4.0, visando entender os principais fatores que influenciam essas empresas na adoção de sistemas de informação para integração vertical. E ainda, um estudo qualitativo multicascos em 3 díades de comprador e fornecedor para compreender as implicações da assimetria da informação na compra de MES que permita a integração vertical na Indústria 4.0. Por outro lado, em termos quantitativos, a tese apresenta uma pesquisa survey conduzida com 134 empresas do setor de máquinas e equipamentos, através da qual se analisa a contribuição de ações em cibersegurança na integração vertical possibilita alcançar maior transformação digital. A presente tese demonstra que, de fato, a implementação da integração vertical é desafiadora para as empresas devido sua complexidade e novidade, mas que as metodologias apresentadas contribuem para o esclarecimento dessa implementação. Além disso, explora as limitações e nuances dessas contribuições em diferentes situações. A principal contribuição deste estudo é fornecer evidências empíricas de metodologias que suportem as empresas na implementação de integração vertical no contexto da Indústria 4.0