Cybersecurity technologies : a study of adaptation in a government organisation

Abstract

Cybersecurity emerges as an exemplary case of human-technology entanglement. Cybersecurity technologies that monitor security breaches, protect Information Technology (IT) infrastructure, and respond to and counter-attack cybercrimes, are getting deployed at an increasing rate across organisations worldwide. These technologies are highly complex, and their deployment involves profound technological, organisational and social transformation in an environment of ever-increasing cyber threats and the dramatic rise of interconnected digital devices. These present an urgent challenge for all stakeholders who need to understand the cybersecurity phenomenon in order to deal with its complex social and technological implications. This thesis explores the cybersecurity phenomenon in the context of government organisations responsible for the deployment, implementation and use and effects of cybersecurity technologies. A broad literature review on cybersecurity demonstrates that the dominant research focus has been on the technical aspects of cybersecurity technologies, including their design, functionality and performance, as well as recommending best practices. Limited research in information systems (IS) and social sciences has also addressed social and organisational aspects, primarily concerned with issues around privacy, surveillance and human rights, data sharing and protection, legislation and law enforcement, and psychological profiling of attackers. On the other hand, IS literature has addressed IT implementation, organisational change and adaptation in organisational context, focusing on specific IT systems (for example on ERP and CRM) but not cybersecurity technologies. Overall, the literature review shows that there is a lack of understanding of the cybersecurity phenomenon and the complex processes of the deployment, implementation and use of cybersecurity technologies. This thesis therefore aims to contribute to better understanding of cybersecurity technologies and specifically to offer a theoretical model that explains unfolding adaptation processes between an organisation and cybersecurity technologies and their implications. This aim is achieved by conducting a longitudinal field study of the adoption of cybersecurity technologies in a government organisation and answering the following research question: How do human and technological actors change and adapt in turbulent and complex environment marked by increasing cyber threats and imperative government adoption of cybersecurity technologies? The theoretical model of human cybersecurity technology co-adaptation, inductively built from the empirical findings, describes ongoing complex adaptation processes involving human and technological actors, organisational power structures, and a hostile cyber threatening context. The thesis thus extends knowledge on process of change and becoming in IS to include a co-adaptation process. It also extends knowledge on cybersecurity phenomenon and also contributes to the IS literature on IT adoption in a turbulent environment. Its practical implications are relevant for cybersecurity stakeholders: by being aware of; and better understanding the co-adaptation required to implement such multidimensional and intrusive technologies, they will be better equipped to deal with cybersecurity technologies deployment and implementation in practice.