Abstract: |
The rapidly evolving technological landscape does, in the form of digital
innovations, create opportunities for organizations and consumers alike. At
the same time, it does, however, confront both parties with increasing
cybersecurity challenges. This dissertation deals with the conflicting demands
of maintaining competitive advantage and leveraging the benefits of digital
innovation while ensuring cybersecurity. It explores the resulting tensions
and potential trade-offs from both a consumer and organizational perspective,
seeking to provide theoretical and practical contributions on how the
interplay between digital innovation and cybersecurity can be optimized and
how the two domains can be balanced effectively. Thereby, the dissertation is
guided by three overarching research questions: First, how do consumers'
attitudes towards innovation and cybersecurity influence their acceptance of
digital innovations? Second, how do organizations perceive and navigate the
trade-offs between digital innovation and cybersecurity? Third, what are the
implications of organizational design in general and organizational
ambidexterity in specific for the interplay of digital innovation and
cybersecurity capabilities? These research questions are dealt with in four
empirical studies. The first study focuses on the consumer perspective and the
trade-offs they make in their technology acceptance decisions. Therefore, the
Technology Acceptance Model is extended by four constructs - Personal
innovation affinity, personal risk appetite, perceived innovativeness, and
perceived cybersecurity risk. Participants of an online survey are presented
with three fictitious products from the mobility sector, where digital
innovations such as connected vehicles and smart mobility solutions are
emerging rapidly. The findings from the first study underline that consumers
sometimes neglect cybersecurity when innovative product characteristics
promise substantial benefits. For certain product types, consumers do,
however, seem to have increased cybersecurity concerns that organizations need
to consider. The study suggests that consumer education and transparency about
a product’s cybersecurity maturity are essential for informed technology
acceptance decisions. Studies two, three, and four deal with the
organizational perspective of the interplay between digital innovation and
cybersecurity. The second study focuses on the automotive industry, exploring
how organizations perceive the conflicting demands and balance them through
organizational ambidexterity. The study follows a qualitative research
approach drawing on nine experts questioned in semi-structured interviews. Its
findings confirm the perception of a trade-off between the two domains in the
automotive industry, with factors like the importance of time-to-market for
digital innovations leading organizations to deprioritize and postpone
cybersecurity aspects. The study suggests that strategic and operational
elements of organizational ambidexterity, including corporate culture,
management commitment, communication, and early integration of cybersecurity,
can help minimize trade-offs and even turn cybersecurity into a competitive
advantage. The third study focuses on the German logistics industry in a
comparable research approach using semi-structured interviews with 14 experts
for digital innovation and cybersecurity. Their analysis suggests that there
are different types of tensions between digital innovation and cybersecurity
capabilities negatively influencing innovation efforts in three ways: by
slowing down (temporally), requiring more resources (economically), or
restricting innovative freedom (functionally). Furthermore, triggers like
rapid technological changes and increased market competition as well as
resolving factors like flexible governance structures and an early integration
of cybersecurity into digital innovation efforts are identified. Awareness of
these factors helps organizations achieve a digital innovation-cybersecurity
equilibrium. The fourth and final study included in this dissertation
investigates how organizations can achieve ambidexterity and integrate the two
domains in the context of digital innovation units. The cross-industry
interview study, analyzed following the Grounded Theory methodology, leverages
Galbraith’s star model as a frame of reference. Embedded within this frame,
different types of innovation units and three organizational design patterns
that impact the consideration of cybersecurity within these types of units,
are identified. The findings underline that, depending on strategic,
structural, and processual aspects, the different types of digital innovation
units are more or less likely to ill- or over-consider cybersecurity. Besides
the study's theoretical contribution to organizational design literature, this
framework has practical implications for the setup of innovation units in
practice. Collectively, the four studies contribute to a deeper understanding
of the interplay between digital innovation and cybersecurity. Theoretically,
while contributing to technology acceptance, organizational design, and
ambidexterity theory in general, this dissertation advances the literature on
digital innovation management and cybersecurity in specific by advocating for
a more integrated approach that considers the conflicting demands of the two
domains. Practically, it provides insights for consumers and organizations
trying to navigate the resulting tensions, for example, by promoting consumer
awareness or by creating an organizational culture that equally promotes both
digital innovation and cybersecurity. The frameworks developed in the four
studies provide a foundation for future studies on the digital
innovation-security nexus, for example in further industries, and offer
practical guidance, for example, concerning product marketing or digital
innovations strategy. In conclusion, this dissertation highlights the
importance of considering digital innovation and cybersecurity as
complementary instead of opposing forces of an organization’s digital
transformation. Organizations should not restrict cybersecurity to being a
technical issue but see it as a strategic necessity to be embedded into their
digital innovation efforts. In the long run, this will lead to more secure
digital innovations, increased consumer trust, and competitive advantages. |