More agile, more vulnerable? Governing the cybersecurity paradox of open innovation in ransomware attacks

Abstract

Purpose Ransomware has emerged as one of the most severe threats in the digital ecosystem. While agility is assumed to be a cornerstone of modern cybersecurity, we identify a “too fast to secure” paradox: the pursuit of agility through open innovation inadvertently expands an organization’s attack surface, creating vulnerabilities to ransomware. By investigating the interplay among digital agility, data orchestration, and open innovation, this research advances understanding of ransomware defense in the digital age. Design/methodology/approach Our multimethod approach offers a unique dual triangulation perspective. From the defender’s side, we conducted a scenario-based online experiment with senior cybersecurity managers (Study 1). From the attacker’s side, we simulated their decision-making using a conjoint experiment powered by large language models (Study 2). Finally, we validated our model with structural equation modeling (SEM) based on survey data from 592 enterprises across four high-risk sectors (Study 3). Findings Contrary to conventional wisdom, our findings reveal that digital agility does not directly improve ransomware preparedness. Instead, open innovation exerts a negative causal effect, whereas data orchestration has a positive one. The SEM analysis further identifies the paradox: mediated by open innovation, digital agility undermines rather than enhances preparedness. However, effective data orchestration can mitigate this adverse impact, offering a pathway to balance innovation with security. Research limitations/implications While acknowledging the insights provided by this study, it is important to recognize several limitations. First, Study 1 and 2 indicate that data orchestration exerts a positive causal effect on ransomware preparedness, whereas Study 3 finds no significant relationship. We attribute this discrepancy to differences in the organizational size composition of our samples. Practical implications Our findings yield practical insights into ransomware defense management. Firstly, rethinking the role of digital agility in security strategies. Organizations should carefully assess the impact of digital agility on their cybersecurity management. Our research confirms that agility, in isolation, does not improve ransomware preparedness. Therefore, leaders must ensure that rapid changes and flexible processes are accompanied by robust security measures. Secondly, mitigating risks in open innovation practices. Given our finding that open innovation can negatively impact cybersecurity, organizations should approach open innovation initiatives with caution. Key actions include enhancing cybersecurity awareness, implementing access controls, establishing secure partnerships, regularly reviewing security policies, and deploying zero-trust measures. Social implications Our findings yield social implications into ransomware defense management. Strengthening data orchestration with security in mind. Organizations should integrate security considerations into their data management strategies. This could involve encrypting data flows, employing advanced data monitoring tools, and ensuring that data integration processes are secure. Originality/value This research is among the first to empirically demonstrate the “too fast to secure” paradox in ransomware defense. It highlights that for agile organizations, prioritizing robust data orchestration is paramount to mitigating the security risks inherent in open innovation.