Paper Type
Short
Paper Number
PACIS2025-1079
Description
Cyberattacks pose escalating threats to economies, infrastructure, and privacy by exploiting organizational vulnerabilities. In today’s evolving threat environment, a resilient cybersecurity culture is no longer optional – it is a strategic necessity. Although a strong cybersecurity culture encourages proactive, security-minded behavior throughout the organization, the ongoing occurrence of breaches highlights a disconnect between what is envisioned in theory and what is executed in practice. This study applies Swidler’s culture-in-action theory framed within a critical realist ontology to investigate how cultural resources are mobilized in cybersecurity practices. By analyzing contextual conditions and causal mechanisms, we aim to uncover micro-level processes of cultural enactment, and barriers to implementation. This research contributes an in-depth understanding of cybersecurity culture as a dynamic, practice-driven phenomenon rather than a static compliance goal, equipping organizations to better anticipate evolving cyber threats. The next stage of this research will involve empirical validation through semi-structured interviews and observations.
Recommended Citation
Molati, Katiso, "Cybersecurity Culture Through Swidler’s Culture-in-Action Theory: A Mechanism-Based Perspective" (2025). PACIS 2025 Proceedings. 11.
https://aisel.aisnet.org/pacis2025/security/security/11
Cybersecurity Culture Through Swidler’s Culture-in-Action Theory: A Mechanism-Based Perspective
Cyberattacks pose escalating threats to economies, infrastructure, and privacy by exploiting organizational vulnerabilities. In today’s evolving threat environment, a resilient cybersecurity culture is no longer optional – it is a strategic necessity. Although a strong cybersecurity culture encourages proactive, security-minded behavior throughout the organization, the ongoing occurrence of breaches highlights a disconnect between what is envisioned in theory and what is executed in practice. This study applies Swidler’s culture-in-action theory framed within a critical realist ontology to investigate how cultural resources are mobilized in cybersecurity practices. By analyzing contextual conditions and causal mechanisms, we aim to uncover micro-level processes of cultural enactment, and barriers to implementation. This research contributes an in-depth understanding of cybersecurity culture as a dynamic, practice-driven phenomenon rather than a static compliance goal, equipping organizations to better anticipate evolving cyber threats. The next stage of this research will involve empirical validation through semi-structured interviews and observations.
Comments
Security