Abstract

Cybersecurity compliance has become a cornerstone of digital governance, yet prevailing frameworks are largely designed around large-firm capacity. Small and medium-sized enterprises (SMEs), though vital to supply chains, face disproportionate compliance burdens that often make outsourcing unavoidable. This imbalance creates a policy paradox: while governments pursue legitimate security goals, uniform mandates can overextend SME resources, raising critical questions of fairness. Prior research has examined compliance mainly within firms at the individual level, leaving fairness across regulated ecosystems underexplored. This study applies Organizational Justice Theory (OJT) and Business Ecosystem Theory (BET) as sensitizing lenses to examine how SMEs in the U.S. Defense Industrial Base perceive and respond to compliance requirements. The analysis introduces Ecosystem-Level Justice (ELJ), a perception-based construct capturing how firms evaluate the fairness of compliance burdens distributed across interdependent actors. ELJ distinguishes structural requirements from perceived fairness judgments and extends OJT to the ecosystem level by positioning fairness perceptions as the mechanism linking power asymmetries to trust and SME decisions to enter, persist, outsource, or exit.

Download

Share

COinS