{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T05:41:17Z","timestamp":1771479677564,"version":"3.50.1"},"reference-count":100,"publisher":"MIS Quarterly","issue":"4","license":[{"start":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T00:00:00Z","timestamp":1743292800000},"content-version":"vor","delay-in-days":119,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,12,1]]},"abstract":"<jats:p>Cybersecurity groups navigate complex, challenging environments in their mission to protect their organizations. They experience uncertainty from adaptive threats from external attackers and unpredictable stakeholders. Under such volatility, business groups operate best when they are psychologically empowered. Recognizing the potential for empowerment to reduce organizational risk, we sought to learn how cybersecurity groups come to be (dis)empowered and how this (dis)empowerment is sustained. Instead of the conventional view of the empowerment process as designed, we advance an emergent view of the empowerment process. We abductively surface this process from our case analyses of 15 U.S. organizations. We offer three insights: First, organizations with empowered cybersecurity groups enjoy an enhanced level of protection from breaches. Second, we highlight generative rules through which groups become empowered\u2014via their bridging initiatives that co-opt stakeholders into security behaviors and stakeholder responsiveness to bridging, rather than unilaterally applied buffering initiatives. Third, we highlight reinforcing rules through which empowered states persist\u2014via the group\u2019s ability to safeguard organizational information assets, thereby ensuring cybersecurity group viability, continued bridging, and motivated stakeholder responsiveness. For practitioners, our study underscores the interdependence between cybersecurity groups and their stakeholders in securing an organization and posits processes for empowering cybersecurity groups.<\/jats:p>","DOI":"10.25300\/misq\/2024\/17211","type":"journal-article","created":{"date-parts":[[2024,9,11]],"date-time":"2024-09-11T18:13:57Z","timestamp":1726078437000},"page":"1503-1536","source":"Crossref","is-referenced-by-count":3,"title":["United We Stand, Divided We Fall: An Autogenic Perspective on Empowering Cybersecurity in Organizations"],"prefix":"10.25300","volume":"48","author":[{"given":"Alexandra","family":"Durcikova","sequence":"first","affiliation":[{"name":"Division of MIS, Price College of Business, University of Oklahoma Norman, OK U.S.A."}]},{"given":"Shaila M.","family":"Miranda","sequence":"additional","affiliation":[{"name":"Information Systems Department, Sam M. Walton College of Business, University of Arkansas Fayetteville, AR U.S.A."}]},{"given":"Matthew L.","family":"Jensen","sequence":"additional","affiliation":[{"name":"Division of MIS, Price College of Business, University of Oklahoma Norman, OK U.S.A."}]},{"given":"Ryan T.","family":"Wright","sequence":"additional","affiliation":[{"name":"McIntire School of Commerce, University of Virginia Charlottesville, VA U.S.A."}]}],"member":"10933","published-online":{"date-parts":[[2024,12,1]]},"reference":[{"issue":"4","key":"2025082212352395100_b1-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"719","DOI":"10.2189\/asqu.53.4.719","article-title":"Employee-management techniques: transient fads or trending fashions?","volume":"53","author":"Abrahamson","year":"2008","journal-title":"Administrative Science Quarterly"},{"issue":"1\/2","key":"2025082212352395100_b2-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1108\/AJB-08-2017-0022","article-title":"Getting rid of a heavy shield: downsizing the in-house legal department?","volume":"33","author":"Alvarado-Vargas","year":"2018","journal-title":"American Journal of Business"},{"key":"2025082212352395100_b3-08_ra_10.25300_misq_2024_17211","unstructured":"Armerding, T.\n           (2013). Long live perimeter security. Security. https:\/\/www.csoonline.com\/article\/2134133\/long-live-perimeter-security.html"},{"key":"2025082212352395100_b4-08_ra_10.25300_misq_2024_17211","unstructured":"Arsenault, B.\n           (2023). Your biggest cybersecurity risks could be inside your organization. Harvard Business Review. https:\/\/hbr.org\/2023\/03\/your-biggest-cybersecurity-risks-could-be-inside-your-organization"},{"issue":"3","key":"2025082212352395100_b5-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"632","DOI":"10.2307\/1952568","article-title":"Decisions and nondecisions: An analytical framework","volume":"57","author":"Bachrach","year":"1963","journal-title":"American Political Science Review"},{"issue":"1","key":"2025082212352395100_b6-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"161","DOI":"10.17705\/1jais.00798","article-title":"An adversarial dance: Toward an understanding of insiders\u2019 responses to organizational information security measures","volume":"24","author":"Balozian","year":"2023","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212352395100_b7-08_ra_10.25300_misq_2024_17211","volume-title":"Social foundations of thought and action","author":"Bandura","year":"1986"},{"issue":"1","key":"2025082212352395100_b8-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1","DOI":"10.2307\/2391741","article-title":"Organizations: A dialectical view","volume":"22","author":"Benson","year":"1977","journal-title":"Administrative Science Quarterly"},{"issue":"2","key":"2025082212352395100_b9-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"252","DOI":"10.5465\/amr.2017.0208","article-title":"The dark side of organizational paradoxes: The dynamics of disempowerment","volume":"46","author":"Berti","year":"2021","journal-title":"Academy of Management Review"},{"issue":"1","key":"2025082212352395100_b10-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"169","DOI":"10.2307\/3250983","article-title":"A resource-based perspective on information technology capability and firm performance: an empirical investigation","volume":"24","author":"Bharadwaj","year":"2000","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212352395100_b11-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1177\/0018726709337039","article-title":"The impact of structural empowerment on individual well-being and performance: Taking agent preferences, self-efficacy and operational constraints into account","volume":"63","author":"Biron","year":"2010","journal-title":"Human Relations"},{"key":"2025082212352395100_b12-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4842-5952-8","volume-title":"Rational cybersecurity for business: the security leaders\u2019 guide to business alignment","author":"Blum","year":"2020"},{"issue":"4","key":"2025082212352395100_b13-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"833","DOI":"10.5465\/amj.2011.64870145","article-title":"Understanding responses to supply chain disruptions: Insights from information processing and resource dependence perspectives","volume":"54","author":"Bode","year":"2011","journal-title":"Academy of Management Journal"},{"issue":"4","key":"2025082212352395100_b14-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"728","DOI":"10.1177\/00031224211024525","article-title":"Cultural schemas: What they are, how to find them, and what to do once you\u2019ve caught one","volume":"86","author":"Boutyline","year":"2021","journal-title":"American Sociological Review"},{"issue":"1","key":"2025082212352395100_b15-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1287\/isre.2022.1133","article-title":"Going beyond deterrence: A middle-range theory of motives and controls for insider computer abuse","volume":"34","author":"Burns","year":"2023","journal-title":"Information Systems Research"},{"issue":"2","key":"2025082212352395100_b16-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1037\/0021-9010.92.2.331","article-title":"A multilevel study of leadership, empowerment, and performance in teams","volume":"92","author":"Chen","year":"2007","journal-title":"Journal of Applied Psychology"},{"key":"2025082212352395100_b17-08_ra_10.25300_misq_2024_17211","unstructured":"Cimpanu, C.\n           (2019). A decade of hacking: The most notable cyber-security events of the 2010s. ZDNet. https:\/\/www.zdnet.com\/article\/a-decade-of-hacking-the-most-notable-cyber-security-events-of-the-2010s\/"},{"issue":"8","key":"2025082212352395100_b18-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"3879","DOI":"10.1287\/mnsc.2017.2807","article-title":"Searching for structure: Formal organization design as a guide to network evolution","volume":"64","author":"Clement","year":"2018","journal-title":"Management Science"},{"issue":"3","key":"2025082212352395100_b19-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"471","DOI":"10.2307\/258093","article-title":"The empowerment process: Integrating theory and practice","volume":"13","author":"Conger","year":"1988","journal-title":"Academy of Management Review"},{"issue":"2","key":"2025082212352395100_b20-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1002\/job.657","article-title":"The impact of autonomy and task uncertainty on team performance: A longitudinal field study","volume":"31","author":"Cordery","year":"2010","journal-title":"Journal of Organizational Behavior"},{"issue":"3","key":"2025082212352395100_b21-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"779","DOI":"10.17705\/1jais.00740","article-title":"The influences of public and institutional pressure on firms\u2019 cybersecurity disclosures","volume":"23","author":"D\u2019Arcy","year":"2022","journal-title":"Journal of the Association for Information Systems"},{"issue":"6","key":"2025082212352395100_b22-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1057\/ejis.2011.23","article-title":"A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings","volume":"20","author":"D\u2019Arcy","year":"2011","journal-title":"European Journal of Information Systems"},{"key":"2025082212352395100_b23-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4899-2271-7","volume-title":"Intrinsic motivation and self-determination in human behavior","author":"Deci","year":"1985"},{"issue":"3","key":"2025082212352395100_b24-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"659","DOI":"10.1287\/orsc.2016.1051","article-title":"Generating novelty through interdependent routines: A process model of routine work","volume":"27","author":"Deken","year":"2016","journal-title":"Organization Science"},{"issue":"1","key":"2025082212352395100_b25-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"152","DOI":"10.17705\/1jais.00595","article-title":"The mediating role of psychological empowerment in information security compliance intentions","volume":"21","author":"Dhillon","year":"2020","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212352395100_b26-08_ra_10.25300_misq_2024_17211","unstructured":"Disparte, D., & Furlow, C. (2017). The best cybersecurity investment you can make is better training. Harvard Business Review. https:\/\/hbr.org\/2017\/05\/the-best-cybersecurity-investment-you-can-make-is-better-training"},{"key":"2025082212352395100_b27-08_ra_10.25300_misq_2024_17211","unstructured":"Doan, M.\n           (2019). Companies Need to Rethink What Cybersecurity Leadership Is. Harvard Business Review. https:\/\/hbr.org\/2019\/11\/companies-need-to-rethink-what-cybersecurity-leadership-is"},{"key":"2025082212352395100_b28-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1093\/oso\/9780195135008.003.0006","article-title":"Dynamics of structural change","volume-title":"Handbook of organizational change and innovation","author":"Drazin","year":"2004"},{"issue":"2","key":"2025082212352395100_b29-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1287\/orsc.3.2.230","article-title":"Autogenesis: A perspective on the process of organizing","volume":"3","author":"Drazin","year":"1992","journal-title":"Organization Science"},{"issue":"3","key":"2025082212352395100_b30-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1080\/17449626.2013.818374","article-title":"Empowerment, agency, and power","volume":"9","author":"Drydyk","year":"2013","journal-title":"Journal of Global Ethics"},{"issue":"4","key":"2025082212352395100_b31-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","first-page":"532","DOI":"10.2307\/258557","article-title":"Building theories from case study research","volume":"14","author":"Eisenhardt","year":"1989","journal-title":"Academy of Management Review"},{"key":"2025082212352395100_b32-08_ra_10.25300_misq_2024_17211","unstructured":"EY\n          . (2020). How does security evolve from bolted on to built-in? EY\u2019s 22nd Global Information Security Survey 2020. https:\/\/assets.ey.com\/content\/dam\/ey-sites\/ey-com\/en_gl\/topics\/advisory\/ey-global-information-security-survey-2020-report.pdf"},{"issue":"2","key":"2025082212352395100_b33-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1109\/TEM.2006.872245","article-title":"Leadership of information systems development projects","volume":"53","author":"Faraj","year":"2006","journal-title":"IEEE Transactions on Engineering Management"},{"key":"2025082212352395100_b34-08_ra_10.25300_misq_2024_17211","unstructured":"Gartner\n          . (2022). Gartner identifies three factors influencing growth in security spending. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2022-10-13-gartner-identifies-three-factors-influencing-growth-i"},{"issue":"1","key":"2025082212352395100_b35-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"10","DOI":"10.2307\/258605","article-title":"Revolutionary change theories: A multilevel exploration of the punctuated equilibrium paradigm","volume":"16","author":"Gersick","year":"1991","journal-title":"Academy of Management Review"},{"key":"2025082212352395100_b36-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-349-16161-4","volume-title":"Central problems in social theory: Action, structure, and contradiction in social analysis","author":"Giddens","year":"1979"},{"key":"2025082212352395100_b37-08_ra_10.25300_misq_2024_17211","volume-title":"The constitution of society: Outline of the theory of structuration","author":"Giddens","year":"1984"},{"issue":"4","key":"2025082212352395100_b38-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1225","DOI":"10.25300\/MISQ\/2018\/13703","article-title":"IT consumerization and the transformation of IT governance","volume":"42","author":"Gregory","year":"2018","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212352395100_b39-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1080\/07421222.2018.1451962","article-title":"The role of corporate reputation and crisis response strategies in data breach management","volume":"35","author":"Gwebu","year":"2018","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"2025082212352395100_b40-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"58","DOI":"10.5465\/amd.2013.0020","article-title":"Organizational identity and culture in the context of managed change: Transformation in the Carlsberg Group, 2009-2013","volume":"1","author":"Hatch","year":"2015","journal-title":"Academy of Management Discoveries"},{"issue":"4","key":"2025082212352395100_b41-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"755","DOI":"10.2307\/3069414","article-title":"Organizational change as discourse: Communicative actions and deep structures in the context of information technology implementation","volume":"44","author":"Heracleous","year":"2001","journal-title":"Academy of Management Journal"},{"issue":"2","key":"2025082212352395100_b42-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1080\/07421222.2017.1334499","article-title":"Training to mitigate phishing attacks using mindfulness techniques","volume":"34","author":"Jensen","year":"2017","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"2025082212352395100_b43-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1037\/0021-9010.86.1.80","article-title":"Relationship of core self-evaluations traits\u2014self-esteem, generalized self-efficacy, locus of control, and emotional stability\u2014with job satisfaction and job performance: A meta-analysis","volume":"86","author":"Judge","year":"2001","journal-title":"Journal of Applied Psychology"},{"key":"2025082212352395100_b44-08_ra_10.25300_misq_2024_17211","unstructured":"Kahn, R. A., & Brock, B. T. (2007). When information security became a lawyer\u2019s thang. Business Law Today. https:\/\/businesslawtoday.org\/2017\/09\/when-information-security-became-a-lawyers-thang\/"},{"issue":"6","key":"2025082212352395100_b45-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1281","DOI":"10.1016\/j.paid.2005.10.019","article-title":"Self-efficacy, social support and well-being: The mediating role of optimism","volume":"40","author":"Karademas","year":"2006","journal-title":"Personality and Individual Differences"},{"issue":"2","key":"2025082212352395100_b46-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"687","DOI":"10.1287\/isre.2018.0827","article-title":"Toward a theory of information systems security behaviors of organizational employees: a dialectical process perspective","volume":"30","author":"Karjalainen","year":"2019","journal-title":"Information Systems Research"},{"issue":"4","key":"2025082212352395100_b47-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1002\/1099-0836(200007\/08)9:4%3C224::AID-BSE249%3E3.0.CO;2-X","article-title":"Organizational response to environmental regulation: punctuated change or autogenesis?","volume":"9","author":"King","year":"2000","journal-title":"Business Strategy and the Environment"},{"issue":"1","key":"2025082212352395100_b48-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"131","DOI":"10.2307\/256874","article-title":"A model of work team empowerment","volume":"10","author":"Kirkman","year":"1997","journal-title":"Research in Organizational Change and Development"},{"issue":"1","key":"2025082212352395100_b49-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","first-page":"58","DOI":"10.2307\/256874","article-title":"Beyond self-management: antecedents and consequences of team empowerment","volume":"42","author":"Kirkman","year":"1999","journal-title":"Academy of Management Journal"},{"key":"2025082212352395100_b50-08_ra_10.25300_misq_2024_17211","unstructured":"KPMG\n          . (2022). Cyber trust insights 2022. https:\/\/kpmg.com\/us\/en\/articles\/2022\/cyber-trust-insights-2022.html"},{"issue":"6","key":"2025082212352395100_b51-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1633","DOI":"10.2307\/256824","article-title":"Conducting interorganizational research using key informants","volume":"36","author":"Kumar","year":"1993","journal-title":"Academy of Management Journal"},{"issue":"4","key":"2025082212352395100_b52-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"684","DOI":"10.1080\/713769649","article-title":"Is empowerment really a new concept?","volume":"12","author":"Lee","year":"2001","journal-title":"International Journal of Human Resource Management"},{"issue":"1","key":"2025082212352395100_b53-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"317","DOI":"10.25300\/MISQ\/2022\/15713","article-title":"Where is IT in information security? The interrelationship among IT investment, security awareness, and data breaches","volume":"47","author":"Li","year":"2023","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212352395100_b54-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"758","DOI":"10.1080\/07421222.2020.1790190","article-title":"Centralized IT decision making and cybersecurity breaches: Evidence from US higher education institutions","volume":"37","author":"Liu","year":"2020","journal-title":"Journal of Management Information Systems"},{"key":"2025082212352395100_b55-08_ra_10.25300_misq_2024_17211","article-title":"Taking a seat at the table: The quest for CISO legitimacy","author":"Lowry","year":"2022"},{"key":"2025082212352395100_b56-08_ra_10.25300_misq_2024_17211","unstructured":"Maddison, J.\n           (2020). Rapid change is the new normal. Security Week. https:\/\/www.securityweek.com\/rapid-change-new-normal"},{"issue":"1","key":"2025082212352395100_b57-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1348\/000712600161646","article-title":"Objectivity and reliability in qualitative analysis: Realist, contextualist and radical constructionist epistemologies","volume":"91","author":"Madill","year":"2000","journal-title":"British Journal of Psychology"},{"issue":"1","key":"2025082212352395100_b58-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1300\/J057v03n01_02","article-title":"Company\/product image studies and other considerations of Fortune 500 public relations departments","volume":"3","author":"Markham","year":"1996","journal-title":"Journal of Promotion Management"},{"issue":"4","key":"2025082212352395100_b59-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1231","DOI":"10.1177\/0149206312438773","article-title":"Empowerment\u2014fad or fab? A multilevel review of the past two decades of research","volume":"38","author":"Maynard","year":"2012","journal-title":"Journal of Management"},{"issue":"1","key":"2025082212352395100_b60-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"531","DOI":"10.25300\/MISQ\/2022\/14305","article-title":"How do organizations learn from information systems incidents? A synthesis of the past, present, and future","volume":"46","author":"Mehrizi","year":"2022","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212352395100_b61-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"143","DOI":"10.2307\/30040694","article-title":"Reassessing the limits of structural empowerment: Organizational constitution and trust as controls","volume":"28","author":"Mills","year":"2003","journal-title":"Academy of Management Review"},{"issue":"3","key":"2025082212352395100_b62-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1002\/smj.4250060306","article-title":"Of strategies, deliberate and emergent","volume":"6","author":"Mintzberg","year":"1985","journal-title":"Strategic Management Journal"},{"issue":"8","key":"2025082212352395100_b63-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1202","DOI":"10.1002\/smj.2149","article-title":"From autonomous strategic behavior to emergent strategy","volume":"35","author":"Mirabeau","year":"2014","journal-title":"Strategic Management Journal"},{"issue":"2","key":"2025082212352395100_b64-08_ra_10.25300_misq_2024_17211","first-page":"iii","article-title":"Editor\u2019s comments\u2014Computationally intensive theory construction: A primer for authors and reviewers","volume":"46","author":"Miranda","year":"2022","journal-title":"Management Information Systems Quarterly"},{"issue":"7","key":"2025082212352395100_b65-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","first-page":"683","DOI":"10.1002\/smj.905","article-title":"Erratic strategic decisions: When and why managers are inconsistent in strategic decision making","volume":"32","author":"Mitchell","year":"2011","journal-title":"Strategic Management Journal"},{"key":"2025082212352395100_b66-08_ra_10.25300_misq_2024_17211","unstructured":"Naldi, M.\n           (2019). A review of sentiment computation methods with R packages. arXiv. https:\/\/arxiv.org\/abs\/1901.08319"},{"issue":"4","key":"2025082212352395100_b67-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","first-page":"2163","DOI":"10.25300\/MISQ\/2022\/16609","article-title":"An empirical investigation of company response to data breaches","volume":"46","author":"Nikkhah","year":"2022","journal-title":"MIS Quarterly"},{"key":"2025082212352395100_b68-08_ra_10.25300_misq_2024_17211","unstructured":"NIST\n          . (2018). Risk management framework for information systems and organizations: A system life cycle approach for security and privacy (NIST REPORT 800-37 R.1)."},{"issue":"5","key":"2025082212352395100_b69-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"569","DOI":"10.1007\/BF02506982","article-title":"Empowerment theory, research, and application","volume":"23","author":"Perkins","year":"1995","journal-title":"American Journal of Community Psychology"},{"issue":"1","key":"2025082212352395100_b70-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1111\/bjso.12135","article-title":"On power and empowerment","volume":"55","author":"Pratto","year":"2016","journal-title":"British Journal of Social Psychology"},{"key":"2025082212352395100_b71-08_ra_10.25300_misq_2024_17211","unstructured":"Radack, S.\n           (2009). Protecting information systems with firewalls: Revised guidelines on firewall technologies and policies. Computer Security Resource Center. https:\/\/csrc.nist.gov\/publications\/detail\/itl-bulletin\/2009\/10\/protecting-information-systems-with-firewalls-revised-guideline\/final"},{"issue":"4","key":"2025082212352395100_b72-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"749","DOI":"10.2307\/256388","article-title":"Emotional contrast strategies as means of social influence: Lessons from criminal interrogators and bill collectors","volume":"34","author":"Rafaeli","year":"1991","journal-title":"Academy of Management Journal"},{"issue":"2","key":"2025082212352395100_b73-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1300\/J293v03n02_02","article-title":"Studies in empowerment: Introduction to the issue","volume":"3","author":"Rappaport","year":"1984","journal-title":"Prevention in human services"},{"issue":"1","key":"2025082212352395100_b74-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1287\/isre.1080.0214","article-title":"Examining the strategic alignment and implementation success of a KMS: A subculture-based multilevel analysis","volume":"22","author":"Ravishankar","year":"2011","journal-title":"Information Systems Research"},{"issue":"1","key":"2025082212352395100_b75-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1016\/0959-8022(94)90011-6","article-title":"Cultural analysis of the organizational consequences of information technology","volume":"4","author":"Robey","year":"1994","journal-title":"Accounting, Management and Information Technologies"},{"issue":"1","key":"2025082212352395100_b76-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1111\/jels.12035","article-title":"Empirical analysis of data breach litigation","volume":"11","author":"Romanosky","year":"2014","journal-title":"Journal of Empirical Legal Studies"},{"issue":"1","key":"2025082212352395100_b77-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1","DOI":"10.2307\/25148826","article-title":"Toward improving the relevance of information systems research to practice: the role of applicability checks","volume":"32","author":"Rosemann","year":"2008","journal-title":"MIS Quarterly"},{"key":"2025082212352395100_b78-08_ra_10.25300_misq_2024_17211","unstructured":"Ross, A.\n           (2016, April\u200825, 2016). Want job security? Try online security. Wired. https:\/\/www.wired.co.uk\/article\/job-security-cybersecurity-alec-ross"},{"issue":"2","key":"2025082212352395100_b79-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1080\/0961452951000157074","article-title":"Empowerment examined","volume":"5","author":"Rowlands","year":"1995","journal-title":"Development in Practice"},{"issue":"5","key":"2025082212352395100_b80-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"749","DOI":"10.1037\/0022-3514.57.5.749","article-title":"Perceived locus of causality and internalization: examining reasons for acting in two domains","volume":"57","author":"Ryan","year":"1989","journal-title":"Journal of Personality and Social Psychology"},{"issue":"2","key":"2025082212352395100_b81-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"261","DOI":"10.2307\/249754","article-title":"Arrangements for information technology governance: A theory of multiple contingencies","volume":"23","author":"Sambamurthy","year":"1999","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212352395100_b82-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","DOI":"10.25300\/MISQ\/2013\/37.4.E0","article-title":"Guest editorial: qualitative studies in information systems: a critical review and some guiding principles","volume":"37","author":"Sarker","year":"2013","journal-title":"MIS Quarterly"},{"key":"2025082212352395100_b83-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102903","article-title":"Paradoxical tensions in the implementation of digital security governance: Toward an ambidextrous approach to governing digital security","volume":"122","author":"Schinagl","year":"2022","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212352395100_b84-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"332","DOI":"10.2307\/20159585","article-title":"Taking empowerment to the next level: A multiple-level model of empowerment, performance, and satisfaction","volume":"47","author":"Seibert","year":"2004","journal-title":"Academy of Management Journal"},{"issue":"5","key":"2025082212352395100_b85-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"981","DOI":"10.1037\/a0022676","article-title":"Antecedents and consequences of psychological and team empowerment in organizations: A meta-analytic review","volume":"96","author":"Seibert","year":"2011","journal-title":"Journal of Applied Psychology"},{"issue":"4","key":"2025082212352395100_b86-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"255","DOI":"10.17705\/1jais.00121","article-title":"Post-positivist review of technology acceptance model","volume":"8","author":"Silva","year":"2007","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"2025082212352395100_b87-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","first-page":"327","DOI":"10.2307\/25148794","article-title":"Fighting against windmills: Strategic information systems and organizational deep structures","volume":"31","author":"Silva","year":"2007","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212352395100_b88-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1177\/0001839219836670","article-title":"Organizational structure from interaction: Evidence from corporate sustainability efforts","volume":"65","author":"Soderstrom","year":"2020","journal-title":"Administrative Science Quarterly"},{"key":"2025082212352395100_b89-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"54","DOI":"10.4135\/9781849200448.n4","article-title":"Taking stock: A review of more than twenty years of research on empowerment at work","volume":"1","author":"Spreitzer","year":"2008","journal-title":"Handbook of organizational behavior"},{"key":"2025082212352395100_b90-08_ra_10.25300_misq_2024_17211","volume-title":"The art of case study research","author":"Stake","year":"1995"},{"issue":"1","key":"2025082212352395100_b91-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1177\/0261927X09351676","article-title":"The pychological meaning of words: LIWC and computerized text analysis methods","volume":"29","author":"Tausczik","year":"2010","journal-title":"Journal of Language and Social Psychology"},{"key":"2025082212352395100_b92-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","DOI":"10.4324\/9781315125930","article-title":"Organizations in action: Social science bases of administrative theory","author":"Thompson","year":"1967","journal-title":"Transaction Publishers"},{"key":"2025082212352395100_b93-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"169","DOI":"10.4135\/9781446218556.n6","article-title":"The institutionalization of institutional theory","volume-title":"Handbook of organization studies","author":"Tolbert","year":"1996"},{"issue":"10","key":"2025082212352395100_b94-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"2376","DOI":"10.1111\/j.1559-1816.2007.00263.x","article-title":"Antecedents and outcomes of perceived locus of causality: An application of self-determination theory","volume":"37","author":"Turban","year":"2007","journal-title":"Journal of Applied Social Psychology"},{"issue":"4481","key":"2025082212352395100_b95-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1126\/science.7455683","article-title":"The framing of decisions and the psychology of choice","volume":"211","author":"Tversky","year":"1981","journal-title":"Science"},{"issue":"9","key":"2025082212352395100_b96-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"1425","DOI":"10.1177\/01708406211030659","article-title":"How structural empowerment boosts organizational resilience: A case study in the Dutch home care industry","volume":"43","author":"van den Berg","year":"2022","journal-title":"Organization Studies"},{"key":"2025082212352395100_b97-08_ra_10.25300_misq_2024_17211","unstructured":"Weinert, A., Mayfield, P., Costica, Y., O\u2019Donovan, S., Gulati, G., Radhakrishnan, D., Tor, Y., & Esibov, A. (2019). Traditional perimeter-based network defense is obsolete\u2014transform to a zero trust model\u2008Security. https:\/\/www.microsoft.com\/security\/blog\/2019\/10\/23\/perimeter-based-network-defense-transform-zero-trust-model\/"},{"issue":"2","key":"2025082212352395100_b98-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"803","DOI":"10.25300\/MISQ\/2022\/16625","article-title":"Phishing susceptibility in context: A multilevel information processing perspective on deception detection","volume":"47","author":"Wright","year":"2023","journal-title":"MIS Quarterly"},{"key":"2025082212352395100_b99-08_ra_10.25300_misq_2024_17211","volume-title":"Case study research: Design and methods","author":"Yin","year":"1994","edition":"2nd"},{"issue":"2","key":"2025082212352395100_b100-08_ra_10.25300_misq_2024_17211","doi-asserted-by":"publisher","first-page":"907","DOI":"10.25300\/MISQ\/2020\/15477","article-title":"Is cybersecurity a team sport? A multilevel examination of workgroup information security effectiveness","volume":"44","author":"Yoo","year":"2020","journal-title":"MIS Quarterly"}],"container-title":["MIS Quarterly"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/48\/4\/1503\/9784\/08_ra_10_25300_misq_2024_17211.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/48\/4\/1503\/9784\/08_ra_10_25300_misq_2024_17211.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:35:31Z","timestamp":1755880531000},"score":1,"resource":{"primary":{"URL":"https:\/\/misq.umn.edu\/misq\/article\/48\/4\/1503\/2324\/United-We-Stand-Divided-We-Fall-An-Autogenic"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,1]]},"references-count":100,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,12,1]]},"published-print":{"date-parts":[[2024,12,1]]}},"URL":"https:\/\/doi.org\/10.25300\/misq\/2024\/17211","relation":{},"ISSN":["0276-7783","2162-9730"],"issn-type":[{"value":"0276-7783","type":"print"},{"value":"2162-9730","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,1]]}}}