A multistate modeling approach for organizational cybersecurity exploration and exploitation

Abstract

This study examines the dynamic stages of exploration and exploitation efforts by organizations in their cybersecurity responses using multistate modeling. Using textual data from the annual 10-K reports of S&P 100 organizations, this study uses a combination of text analytics and Markov chain approach to quantify exploration and exploitation in organizational cybersecurity responses. The study models two and four states of exploration and exploitation based on their cybersecurity responses over time and uses a continuous-time Markov chain approach to analyze transitions between states as organizations adapt their responses over time to achieve ambidexterity. The two-state Markov model focuses on the firm-level Exploration and Exploitation states whereas the four-state model captures deeper levels of exploration and exploitation by considering Surviving, Investigating, Reinforcing, and Balancing as possible states for exploration and exploitation of cybersecurity responses. We analyze the dynamics of organizational exploration-exploitation behaviors by modeling longitudinal transition probabilities across different states. Implications for research and practice are discussed.