Paradoxical tensions in the implementation of digital security governance: Toward an ambidextrous approach to governing digital security

Abstract

Due to increasing numbers of cyberattacks, security is one of the leading challenges to contemporary organizations. As contradictory demands (e.g., tensions in digital organizations) intensify, organizations increasingly find it difficult to implement digital security governance (DSG) as part of their regular organizational change activities. Based on data from forty-two interviews with Dutch CISOs and CIOs of large organizations that are active in various sectors, we identify three key paradoxical tensions that affect DSG implementation. We found that in a digital context, paradoxical tensions are pressurized and become out of balance. Disbalance among tensions exposes friction that hinders the implementation of DSG mechanisms. Finally, we present a conceptual model that sets direction for ambidextrous digital security. Understanding how to engage with tensions in an ambidextrous way determines the success of DSG implementations in today's complex digital environments.