Search results

The purpose of this study was to investigate the role of grace in the aftermaths of adverse cybersecurity incidents. Adverse incidents are an inescapable fact of life in organizational settings; consequences could be significant and costly. Increasingly, the cause may be a cybersecurity exploit, such as a well-targeted phishing email. In the aftermath, line managers have a choice in responding to the individual who caused the incident. Negative emotions, such as shame and regret, may deliberately be weaponized. Alternatively, positive emotions, such as grace, forgiveness and mercy, may come into play.

We detail a study with 60 participants to explore attribution differences in response to adverse incidents, both non-cybersecurity and cybersecurity. We examined the stages that occur in the aftermath of such adverse incidents where grace may be observed.

Our participants generally believed that grace was indicated toward those who triggered an adverse cybersecurity incident, pointing to situational causes. This was in stark contrast to their responses to the non-cybersecurity incident, where the individual was often blamed, with punishment being advocated.

The role of positive emotions merits investigation in the cybersecurity context if we are to understand how best to manage the aftermaths of adverse cybersecurity incidents.

Organizations that mismanage aftermaths of adverse incidents by blaming, shaming and punishing those who make mistakes will harm the individual who made the mistake, other employees and the long-term health of their organization in the long run.

To the best of the authors’ knowledge, this is the first study to reveal the grace phenomenon in the cybersecurity context.

Adverse cyber events, like death and taxes, have become inevitable. They are an increasingly common feature of organisational life. Their aftermaths are a critical and under-examined context and dynamic space within which to examine trust. In this paper, we address this deficit.

Drawing on pertinent theory and reports of empirical studies, we outline the basis of two alternative subsequent trajectories, drawing out the relationships between trust, vulnerability and emotion, both positive and negative, in the aftermath of an adverse cyber event.

We combine stage theory and social information processing theories to delineate the dynamics of trust processes and their multilevel trajectories during adverse cyber event aftermaths. We consider two response trajectories to chart the way vulnerability arises at different levels within these social systems to create self-reinforcing trust and distrust spirals. These ripple out to impact multiple levels of the organisation by either amplifying or relieving vulnerability.

The way adverse cyber events aftermaths are managed has immediate and long-term consequences for organisational stakeholders. Actions impact resilience and the ability to preserve the social fabric of the organisations. Subsequent trajectories can be “negative” or “positive”. The “negative” trajectory is characterised by efforts to identify and punish the employee whose actions facilitated the adverse events, i.e. the “who”. Public scapegoating might follow thereby amplifying perceived vulnerability and reducing trust across the board. By contrast, the “positive” trajectory relieves perceived vulnerability by focusing on, and correcting, situational causatives. Here, the focus is on the “what” and “why” of the event.

We raise the importance of responding in a constructive way to adverse cyber events.

The aftermaths of cyber attacks in organisations are a critical, neglected context. We explore the interplay between trust and vulnerability and its implications for management “best practice”.

Employers' lack of understanding of neurodiversity, coupled with a mismatch between job skills and workplace demands, contributes to this employment gap. In response to these challenges, neurodiverse individuals often consider entrepreneurship, with research indicating a propensity for entrepreneurial alertness and innovative benefits within the neurodiverse population.

Applying a strategic management lens, this chapter argued that neurodiverse entrepreneurs should adopt a strategic approach to enhance the success of their ventures. It introduced propositions emphasizing the importance of strategic management, strategic positioning, and various drivers such as formalization, entrepreneurial venture size, strategic level, industrial type, organizational leadership, and the strategic positioning implementation mix.

The strategic position was highlighted as a crucial aspect for neurodiverse entrepreneurs, advocating for the adoption of a strategic positioning mindset to navigate uncertain environments. Specific propositions suggest that strategic positioning can lead to enhanced financial wealth, personal satisfaction, and individual strengths among neurodiverse entrepreneurs. Additionally, this chapter explored strategic positioning drivers such as formalization, entrepreneurial venture size, strategic level, industrial type, organizational leadership, and the strategic positioning implementation mix.

In conclusion, this chapter highlighted the importance of strategic positioning for neurodiverse entrepreneurs seeking success in the competitive business landscape. Theoretical and practical implications were discussed, emphasizing the need for further research on factors contributing to a strategic mindset and metrics for monitoring the effectiveness of strategically positioned enterprises. Overall, adopting a strategic approach can empower neurodiverse entrepreneurs to overcome barriers, legitimize their businesses, and increase their chances of entrepreneurial success.