Abstract

As organizations expand digital interdependence across ecosystems, cyber disruption becomes less a question of prevention alone than of sustaining critical operations and renewing socio-technical routines under attack. While dominant cybersecurity approaches emphasize technical controls and compliance, they offer limited guidance for explaining why some organizations coordinate more effectively, recover more rapidly, and learn more systematically than others. Drawing on dynamic capabilities and their managerial and behavioral microfoundations, this paper reconceptualizes cyber resilience as a Managerial Capability System. More specifically, cyber resilience is theorized as a higher-order dynamic capability enabled by managerial cognition, managerial social and human capital, and organizational enactment mechanisms that support coordinated adaptation over time. On this basis, the paper develops a theory-derived Cyber Resilience Management Framework structured around two organizational capability domains—Strategic Governance and Operational Mechanisms—and eight meso-level managerial capabilities: Organization, Cultural Enablers, Regulation, Connection, Ecosystem, Validation, Data Integrity, and Development. The paper contributes a clearer conceptual foundation for cyber resilience in IS research by distinguishing higher-order capability, microfoundations, capability domains, and organizational enactment mechanisms. It also offers an operationalizable structure for future empirical testing and comparative diagnosis across organizational and inter-organizational contexts.

Download

Share

COinS