Finding grace in responses to adverse cybersecurity incidents
Dupuis, Marc J. and Searle, Rosalind and Renaud, Karen (2024) Finding grace in responses to adverse cybersecurity incidents. Journal of Intellectual Capital. ISSN 1469-1930 (https://doi.org/10.1108/JIC-04-2024-0128)
Preview |
Text.
Filename: Dupuis-etal-JIC-2024-Finding-grace-in-responses-to-adverse-cybersecurity.pdf
Accepted Author Manuscript License: Download (1MB)| Preview |
Abstract
Purpose: The purpose of this study was to investigate the role of grace in the aftermaths of adverse cybersecurity incidents. Adverse incidents are an inescapable fact of life in organizational settings; consequences could be significant and costly. Increasingly, the cause may be a cybersecurity exploit, such as a well-targeted phishing email. In the aftermath, line managers have a choice in responding to the individual who caused the incident. Negative emotions, such as shame and regret, may deliberately be weaponized. Alternatively, positive emotions, such as grace, forgiveness and mercy, may come into play. Design/methodology/approach: We detail a study with 60 participants to explore attribution differences in response to adverse incidents, both non-cybersecurity and cybersecurity. We examined the stages that occur in the aftermath of such adverse incidents where grace may be observed. Findings: Our participants generally believed that grace was indicated toward those who triggered an adverse cybersecurity incident, pointing to situational causes. This was in stark contrast to their responses to the non-cybersecurity incident, where the individual was often blamed, with punishment being advocated. Research limitations/implications: The role of positive emotions merits investigation in the cybersecurity context if we are to understand how best to manage the aftermaths of adverse cybersecurity incidents. Practical implications: Organizations that mismanage aftermaths of adverse incidents by blaming, shaming and punishing those who make mistakes will harm the individual who made the mistake, other employees and the long-term health of their organization in the long run. Originality/value: To the best of the authors’ knowledge, this is the first study to reveal the grace phenomenon in the cybersecurity context.
ORCID iDs
Dupuis, Marc J., Searle, Rosalind and Renaud, Karen ORCID: https://orcid.org/0000-0002-7187-6531;-
-
Item type: Article ID code: 90802 Dates: DateEvent5 November 2024Published5 November 2024Published Online2 October 2024AcceptedSubjects: ?? QA76-890 ?? Department: Faculty of Science > Computer and Information Sciences Depositing user: Pure Administrator Date deposited: 09 Oct 2024 15:06 Last modified: 12 Dec 2024 15:41 Related URLs: URI: https://strathprints.strath.ac.uk/id/eprint/90802