Cyberattacks as “state of exception” reconceptualizing cybersecurity from prevention to surviving and accommodating

Abstract

Purpose This paper aims to outline how destructive communication exemplified by ransomware cyberattacks destroys the process of organization, causes a “state of exception,” and thus constitutes organization. The authors build on Agamben's state of exception and translate it into communicative constitution of organization (CCO) theory. Design/methodology/approach A significant increase of cyberattacks have impacted organizations in recent times and laid organizations under siege. This conceptual research builds on illustrative cases chosen by positive deviance case selection (PDCS) of ransomware attacks. Findings CCO theory focuses mainly on ordering characteristics of communication. The authors aim to complement this view with a perspective on destructive communication that destroys the process of organization. Based on illustrative cases, the authors conceptualize a process model of destructive CCO. Practical implications The authors expand thoughts about a digital “corporate immune system” to question current offensive cybersecurity strategies of deterrence and promote resilience approaches instead. Originality/value Informed by destructive communication of cyberattacks, this theory advancement supports arguments to include notions of disorder into CCO theory. Furthermore, the paper explains where disruptions like cyberattacks may trigger sensemaking and change to preserve stability. Finally, a novel definition of ‘destructive CCO’ is provided: Destructive Communication Constitutes Organization by disrupting and destroying its site and surface while triggering sensemaking and becoming part of sensemaking itself.