Commenting on too general arguments and insights regarding the ways to achieve competitive advantages, Wernerfelt (1995 ) suggested that researchers need to do more by considering the differences in firms’ resource endowments. In one way, this paper has responded to that concern by developing a framework captures the interrelationship between the adversaries facing a firm and the development of various types of resources. Investments to increase the preparedness to address the cyber-threat would entail considerable redesign and reorientation of various resources. Moreover, these resources are mutually dependent and reinforce each other. Investment in CS technologies affects the ability of firms to attract and retain high-quality CS workforce. For instance, in 2013, four of the eight people responsible for ensuring the encryption of credit card data in Home Depot left the company because the management did not address their concerns (Smith, 2014). The above discussion suggests that there may be a need to revisit and update the way data is produced and collected. Hall (1992) suggested that trade secrets and databases are important types of intangible resources that may lead to a sustainable competitive advantage. However, s ome types of data, information and secrets would constitute a new type of liability for organizations. For instance, a major criticism that was leveled against Sony Pictures’ Pascal concerned her emails with producer Scott Rudin in which she joked about President Barack Obama's presumed taste in movies (nbcnews.com, 2015). Prior researchers suggested that top management can be a key resource if it can uniquely contribute to the organization’s sustained profitability (Castanias and Helfat, 1991; Mahoney and Pandian , 1992). The above analysis indicates that top management may be a source of liability if
28 it fails to understand the importance of CS. The case of Target indicates that CEOs and board members can be blamed and held responsible if a company facing cyber-attacks lacks an effective strategy. CEOs and boards thus need to become more involved in the development and deployment of CS-related resources instead of delegating the responsibility to other managers or other organizations. It is essential for them to have an in-depth understanding of the issue. The examples of CEOs cited in the beginning of the paper, who lost their jobs due to their failure on the CS fronts underscore the importance for organizations to develop a dominant logic that emphasizes the importance of CS. This can be referred to as a cybersecurity - dominant logic (CSDL) . Note that the top management team’s dominant logic determines rents that resources are likely to yield (Mahoney and Pandian , 1992; Prahalad and Bettis, 1986). On the other hand, the top management team’s dominant logic is a function of the resources in the organization (Mahoney and Pandian , 1992 ). The idea here is that the firm’s current resources are likely to influence managerial perceptions (Wernerfelt, 1984) and hence the direction of CS taken by the firm. A knowledgeable CIO and
You've reached the end of your free preview.
Want to read all 40 pages?