Search results

Adverse cyber events, like death and taxes, have become inevitable. They are an increasingly common feature of organisational life. Their aftermaths are a critical and under-examined context and dynamic space within which to examine trust. In this paper, we address this deficit.

Drawing on pertinent theory and reports of empirical studies, we outline the basis of two alternative subsequent trajectories, drawing out the relationships between trust, vulnerability and emotion, both positive and negative, in the aftermath of an adverse cyber event.

We combine stage theory and social information processing theories to delineate the dynamics of trust processes and their multilevel trajectories during adverse cyber event aftermaths. We consider two response trajectories to chart the way vulnerability arises at different levels within these social systems to create self-reinforcing trust and distrust spirals. These ripple out to impact multiple levels of the organisation by either amplifying or relieving vulnerability.

The way adverse cyber events aftermaths are managed has immediate and long-term consequences for organisational stakeholders. Actions impact resilience and the ability to preserve the social fabric of the organisations. Subsequent trajectories can be “negative” or “positive”. The “negative” trajectory is characterised by efforts to identify and punish the employee whose actions facilitated the adverse events, i.e. the “who”. Public scapegoating might follow thereby amplifying perceived vulnerability and reducing trust across the board. By contrast, the “positive” trajectory relieves perceived vulnerability by focusing on, and correcting, situational causatives. Here, the focus is on the “what” and “why” of the event.

We raise the importance of responding in a constructive way to adverse cyber events.

The aftermaths of cyber attacks in organisations are a critical, neglected context. We explore the interplay between trust and vulnerability and its implications for management “best practice”.

The purpose of this study was to investigate the role of grace in the aftermaths of adverse cybersecurity incidents. Adverse incidents are an inescapable fact of life in organizational settings; consequences could be significant and costly. Increasingly, the cause may be a cybersecurity exploit, such as a well-targeted phishing email. In the aftermath, line managers have a choice in responding to the individual who caused the incident. Negative emotions, such as shame and regret, may deliberately be weaponized. Alternatively, positive emotions, such as grace, forgiveness and mercy, may come into play.

We detail a study with 60 participants to explore attribution differences in response to adverse incidents, both non-cybersecurity and cybersecurity. We examined the stages that occur in the aftermath of such adverse incidents where grace may be observed.

Our participants generally believed that grace was indicated toward those who triggered an adverse cybersecurity incident, pointing to situational causes. This was in stark contrast to their responses to the non-cybersecurity incident, where the individual was often blamed, with punishment being advocated.

The role of positive emotions merits investigation in the cybersecurity context if we are to understand how best to manage the aftermaths of adverse cybersecurity incidents.

Organizations that mismanage aftermaths of adverse incidents by blaming, shaming and punishing those who make mistakes will harm the individual who made the mistake, other employees and the long-term health of their organization in the long run.

To the best of the authors’ knowledge, this is the first study to reveal the grace phenomenon in the cybersecurity context.

A learning-focused culture promotes creativity, innovativeness and the acquisition of novel insights and competencies. The study aims to explore the relationship between human resource development (HRD) practice and employee competencies using organizational learning culture as a mediating variable.

Data were collected from 828 employees of 37 health care institutions comprising 24 (internationally-owned) and 13 (indigenously-owned). Construct reliability and validity was established through a confirmatory factor analysis. The proposed model and hypotheses were evaluated using structural equation modeling.

Data supported the hypothesized relationships. The results show that training and development and employee competencies were significantly related. Career development and employee competencies were significantly related. Organizational learning culture mediates the relationship between training and development and employee competencies. However, organizational learning culture did not mediate the relationship between career development and employee competencies.

The generalizability of the findings will be constrained due to the research’s health care focus and cross-sectional data.

The study’s findings will serve as valuable pointers to policy makers and stakeholders of health care institutions in developing system-level capacities that promote continuous learning and adaptive learning cultures to ensure sustainability and competitive advantage.

By evidencing empirically that organizational learning culture mediates the relationship between HRD practices and employee competencies the study extends the literature.