Tell us about your project!

The cyber threat landscape has grown more complex than ever as organizations rapidly transform, rely on emerging digital technologies, and expand their networks. With the work patterns constantly shifting, organizations are more vulnerable to increasingly sophisticated cyberattacks and there are more things to protect than ever before. The rapidly changing nature of cyber risk means organizations need to continually update security measures and adopt a comprehensive approach to protect against increasing cyber threats. Relying on advanced technological security measures is not enough. Beyond technical measures, they must prioritize non-technical interventions to foster a desired cybersecurity culture. Fostering a desired CSC amid RDT is challenging because of the temporal disparity between the RDT and the process of shaping cybersecurity practices, principles, and mindset of employees in an organization. The disparity arises because RDT requires a swift implementation time, whereas fostering a desired CSC is a gradual process requiring continuous effort. Unless effectively managed, the rapidity of the transformation and the gradual process of fostering a desired CSC creates vulnerabilities that can be potentially exploited in cyberattacks. The impact of the temporal disparity on cybersecurity has not been adequately addressed by previous literature. Therefore, in this study, we empirically investigate this problem by exploring the non-technical cybersecurity initiatives implemented in an Ethiopian bank undergoing a five-year digital transformation process. We answer the following research question: How does the temporal disparity between rapid digital transformation and cultural change impact cybersecurity in organizations? We contribute to research and practice by developing a CSC framework that incorporates a multi-layered temporality dimension into Schein's organizational culture model.