Author:
Badi Sulafa,Nasaj Mohamed
Abstract
PurposeThis study aims to assess the essential elements of internal organisational capability that influence the cybersecurity effectiveness of a construction firm. An extended McKinsey 7S model is used to analyse the relationship between a construction firm's cybersecurity effectiveness and nine internal capability elements: shared values, strategy, structure, systems, staff, style, skills, relationships with third parties and regulatory compliance.Design/methodology/approachBased on a quantitative research strategy, this study collected data through a cross-sectional survey of professionals working in the construction sector in the United Kingdom (UK). The collected data was analysed using descriptive and inferential statistical methods.FindingsThe findings underlined systems, regulatory compliance, staff and third-party relationships as the most significant elements of internal organisational capability influencing a construction firm's cybersecurity effectiveness, organised in order of importance.Research limitations/implicationsFuture research possibilities are proposed including the extension of the proposed diagnostic model to consider additional external factors, examining it under varying industrial relationship conditions and developing a dynamic framework that helps improve cybersecurity capability levels while overseeing execution outcomes to ensure success.Practical implicationsThe extended McKinsey 7S model can be used as a diagnostic tool to assess the organisation's internal capabilities and evaluate the effectiveness of implemented changes. This can provide specific ways for construction firms to enhance their cybersecurity effectiveness.Originality/valueThis study contributes to the field of cybersecurity in the construction industry by empirically assessing the effectiveness of cybersecurity in UK construction firms using an extended McKinsey 7S model. The study highlights the importance of two additional elements, third-party relationships and construction firm regulatory compliance, which were overlooked in the original McKinsey 7S model. By utilising this model, the study develops a concise research model of essential elements of internal organisational capability that influence cybersecurity effectiveness in construction firms.
Subject
General Business, Management and Accounting,Building and Construction,Architecture,Civil and Structural Engineering
Reference106 articles.
1. Abrams, M. and Weiss, J. (2008), “Malicious control system cyber security attack case study-Maroochy Water services”, Defense Technical Information Center, Fort Belvoir, VA, available at: http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy-Water-Services-Case-Study\report.pdf
2. Incident response teams–challenges in supporting the organisational security function;Computers and Security,2012
3. Cybersecurity risk management in small and medium-sized enterprises: a systematic review of recent evidence,2020
4. Design and validation of information security culture framework;Computers in Human Behavior,2015
5. Developing cybersecurity culture to influence employee behavior: a practice perspective;Computers and Security,2020