{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:15:27Z","timestamp":1763442927721,"version":"3.45.0"},"reference-count":109,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100002322","name":"Coordena\u00e7\u00e3o de Aperfeicoamento de Pessoal de N\u00edvel Superior","doi-asserted-by":"publisher","award":["001"],"award-info":[{"award-number":["001"]}],"id":[{"id":"10.13039\/501100002322","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>This study examines the adoption and implementation of the Zero Trust (ZT) cybersecurity paradigm using the Technology\u2013Organization\u2013Environment (TOE) framework. While ZT is gaining traction as a security model, many organizations struggle to align strategic intent with effective implementation. We adopted a sequential mixed-methods design combining 27 semi-structured interviews with cybersecurity professionals and a survey of 267 experts across industries. The qualitative phase used an inductive approach to identify organizational challenges, whereas the quantitative phase employed Partial Least Squares Structural Equation Modeling (PLS-SEM) to test the hypothesized relationships. Results show that information security culture and investment significantly influence both strategic alignment and the technical implementation of ZT. Implementation acted as an intermediary mechanism through which these organizational factors affected governance and compliance outcomes. Strategic commitment alone was insufficient to drive effective implementation without strong cultural support. Qualitative insights underscored the importance of leadership engagement, cross-functional collaboration, and legacy infrastructure readiness in shaping outcomes. The findings emphasize the need for cultural alignment, targeted investments, and process maturity to ensure successful ZT adoption. Organizations can leverage these insights to prioritize resources, strengthen governance, and reduce implementation friction. This research is among the first to empirically investigate ZT implementation through the TOE lens. It contributes to cybersecurity management literature by integrating strategic, cultural, and operational dimensions of ZT adoption and offers practical guidance for decision-makers seeking to institutionalize Zero Trust principles.<\/jats:p>","DOI":"10.3390\/jcp5040099","type":"journal-article","created":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T17:33:21Z","timestamp":1763141601000},"page":"99","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Zero Trust in Practice: A Mixed-Methods Study Under the TOE Framework"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7222-5589","authenticated-orcid":false,"given":"Ang\u00e9lica","family":"Pigola","sequence":"first","affiliation":[{"name":"School of Applied Sciences, State University of Campinas, 1300 Pedro Zaccaria St., Limeira 13484-350, S\u00e3o Paulo, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0631-9800","authenticated-orcid":false,"given":"Fernando de Souza","family":"Meirelles","sequence":"additional","affiliation":[{"name":"Doctoral Program in Information Technology Management, Escola de Administra\u00e7\u00e3o de Empresas de S\u00e3o Paulo Funda\u00e7\u00e3o Getulio Vargas, FGV_EAESP, 9 de Julho Avenue, 2029, S\u00e3o Paulo 01313-902, S\u00e3o Paulo, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,11,14]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Pigola, A., and Meirelles, F.D.S. (2025). Zero Trust in Cybersecurity: Managing Critical Challenges for Effective Implementation. J. Syst. Inf. Technol., Epub ahead of printing.","DOI":"10.1108\/JSIT-08-2024-0326"},{"key":"ref_2","unstructured":"Kindervag, J. (2016). No More Chewy Centers: The Zero Trust Model of Information Security, Forrester Research. Available online: https:\/\/crystaltechnologies.com\/wp-content\/uploads\/2017\/12\/forrester-zero-trust-model-information-security.pdf."},{"key":"ref_3","unstructured":"Winckless, C., Proctor, P., and Lintemuth, T. (2024, June 25). Outcome-Driven Metrics You Can Use to Evaluate Your Zero-Trust Initiative 2023. Available online: https:\/\/www.gartner.com\/document\/4842431?ref=solrAll&refval=400273523&."},{"key":"ref_4","unstructured":"Kindervag, J. (2010). Build Security into Your Network\u2019s Dna: The Zero Trust Network Architecture, Forrester Research. Available online: http:\/\/www.virtualstarmedia.com\/downloads\/Forrester_zero_trust_DNA.pdf."},{"key":"ref_5","unstructured":"Rose, S., Borchert, O., Mitchell, S., and Connelly, S. (2024, June 25). Zero Trust Architecture; National Institute of Standards and Technology, Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-207.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"102281","DOI":"10.1016\/j.wpi.2024.102281","article-title":"Trust in Information Security Technology: An Intellectual Property Analysis","volume":"78","author":"Pigola","year":"2024","journal-title":"World Pat. Inf."},{"key":"ref_7","unstructured":"Winckless, C., and Olyaei, S. (2024, June 25). How to Decipher Zero Trust for Your Business 2022. Available online: https:\/\/www.gartner.com\/document\/4014435?ref=solrAll&refval=357881086."},{"key":"ref_8","unstructured":"Hankins, W., Smith, Z., McQuaid, A., and Fazal, N. (2024, June 25). The CISO\u2019s Conversation Guide to Zero Trust. Available online: https:\/\/www.gartner.com\/en\/doc\/799106-cisos-conversation-guide-to-zero-trust."},{"key":"ref_9","unstructured":"Koeppen, D., and Watts, J. (2024, April 07). Implement Zero-Trust Network Access Through a Life Cycle Approach. Available online: https:\/\/www.gartner.com\/en\/documents\/5398563."},{"key":"ref_10","unstructured":"D\u2019Hoinne, J., and Shoard, P. (2024). Use the U.S. DoD Model for Your Zero Trust Approach: Visibility & Analytics Pillar, Gartner. Available online: https:\/\/www.gartner.com\/document\/5124931?ref=solrAll&refval=395625636&."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"650","DOI":"10.1007\/978-3-031-54053-0_43","article-title":"Zero Trust and Compliance with Industry Frameworks and Regulations: A Structured Zero Trust Approach to Improve Cybersecurity and Reduce the Compliance Burden","volume":"Volume 921","author":"Arai","year":"2024","journal-title":"Advances in Information and Communication"},{"key":"ref_12","unstructured":"(2024, April 08). Google A New Approach to Enterprise Security. BeyondCorp 2018. Available online: https:\/\/www.beyondcorp.com\/."},{"key":"ref_13","unstructured":"Shenouda, J. (2024, April 07). Zero Trust Architecture Implementation Across Industries 2024. Available online: https:\/\/www.cyber-consult.org\/zero-trust-architecture-implementation-across-industries."},{"key":"ref_14","first-page":"2077","article-title":"Implementation of Zero Trust Security in MSME Enterprise Architecture: Challenges and Solutions","volume":"8","author":"Rahman","year":"2024","journal-title":"Sink. J. Penelit. Tek. Inform."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"103161","DOI":"10.1016\/j.adhoc.2023.103161","article-title":"ZT-Access: A Combining Zero Trust Access Control with Attribute-Based Encryption Scheme against Compromised Devices in Power IoT Environments","volume":"145","author":"Huang","year":"2023","journal-title":"Ad Hoc Netw."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"19487","DOI":"10.1109\/ACCESS.2023.3248622","article-title":"A Comprehensive Framework for Migrating to Zero Trust Architecture","volume":"11","author":"Phiayura","year":"2023","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"103412","DOI":"10.1016\/j.cose.2023.103412","article-title":"Zero Trust Cybersecurity: Critical Success Factors and A Maturity Assessment Framework","volume":"133","author":"Yeoh","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3430","DOI":"10.1080\/00207543.2021.1884311","article-title":"The Zero-Trust Supply Chain: Managing Supply Chain Risk in the Absence of Trust","volume":"59","author":"Collier","year":"2021","journal-title":"Int. J. Prod. Res."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"103827","DOI":"10.1016\/j.cose.2024.103827","article-title":"Multivocal Literature Review on Zero-Trust Security Implementation","volume":"141","author":"Itodo","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_20","first-page":"301352","article-title":"The Case for Zero Trust Digital Forensics","volume":"40","author":"Neale","year":"2022","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"ref_21","unstructured":"Uttecht, K.D. (2020). Zero Trust (ZT) Concepts for Federal Government Architectures, Massachusetts Institute of Technologies, Lincoln Laboratory. Available online: https:\/\/apps.dtic.mil\/sti\/citations\/AD1106904."},{"key":"ref_22","unstructured":"Tornatzky, L.G., and Fleischer, M. (1990). The Processes of Technological Innovation, Lexington Books."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Van Klyton, A., Tavera-Mesias, J., Duque, K., and Agyapong, A. (2025). Trust Dynamics for AI Implementation in High-Barrier Environments: The Moderating Effect of Government Involvement. Inf. Technol. People, Epub ahead of printing.","DOI":"10.1108\/ITP-08-2024-1004"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"4227","DOI":"10.1108\/ECAM-08-2023-0782","article-title":"Exploring Critical Success Factors for Digital Transformation in Construction Industry\u2013Based on TOE Framework","volume":"32","author":"Zhong","year":"2024","journal-title":"Eng. Constr. Arch. Manag."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"100796","DOI":"10.1016\/j.adro.2021.100796","article-title":"Emerging Cybersecurity Threats in Radiation Oncology","volume":"6","author":"Joyce","year":"2021","journal-title":"Adv. Radiat. Oncol."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1108\/BL-12-2016-0044","article-title":"Revisiting Technology-Organization-Environment (T-O-E) Theory for Enriched Applicability","volume":"30","author":"Awa","year":"2017","journal-title":"Bottom Line"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"103986","DOI":"10.1016\/j.jretconser.2024.103986","article-title":"Building a Sustainable Future with Enterprise Metaverse in a Data-Driven Era: A Technology-Organization-Environment (TOE) Perspective","volume":"81","author":"Kumar","year":"2024","journal-title":"J. Retail. Consum. Serv."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1108\/09593841111158365","article-title":"The Adoption and Continued Usage Intention of RFID: An Integrated Framework","volume":"24","author":"Hossain","year":"2011","journal-title":"Inf. Technol. People"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Nguyen, T.H., Le, X.C., and Vu, T.H.L. (2022). An Extended Technology-Organization-Environment (TOE) Framework for Online Retailing Utilization in Digital Transformation: Empirical Evidence from Vietnam. J. Open Innov. Technol. Mark. Complex., 8.","DOI":"10.3390\/joitmc8040200"},{"key":"ref_30","first-page":"43","article-title":"Understanding the Technological-Organizational-Environmental Concepts on SMEs\u2019 Performance in Emerging Market","volume":"1","author":"Prakasa","year":"2024","journal-title":"KnE Soc. Sci."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"229","DOI":"10.12700\/APH.20.6.2023.6.13","article-title":"Fighting Insider Threats, with Zero-Trust in Microservice-Based, Smart Grid OT Systems","volume":"20","author":"Stanojevic","year":"2023","journal-title":"Acta Polytech. Hung."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"893","DOI":"10.1108\/JEIM-03-2016-0079","article-title":"Integrated Technology-Organization-Environment (T-O-E) Taxonomies for Technology Adoption","volume":"30","author":"Awa","year":"2017","journal-title":"J. Enterp. Inf. Manag."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"304","DOI":"10.1287\/isre.12.3.304.9708","article-title":"Research Report: Empirical Test of an EDI Adoption Model","volume":"12","author":"Chwelos","year":"2001","journal-title":"Inf. Syst. Res."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"603","DOI":"10.1111\/j.1540-5915.1993.tb01295.x","article-title":"An Empirically Derived Model for the Adoption of Customer-based Interorganizational Systems","volume":"24","author":"Grover","year":"1993","journal-title":"Decis. Sci."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1108\/17410390910922859","article-title":"Development of Measures to Assess the ERP Adoption of Small and Medium Enterprises","volume":"22","author":"Shiau","year":"2009","journal-title":"J. Enterp. Inf. Manag."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1057\/palgrave.ejis.3000475","article-title":"Electronic Business Adoption by European Firms: A Cross-Country Assessment of the Facilitators and Inhibitors","volume":"12","author":"Zhu","year":"2003","journal-title":"Eur. J. Inf. Syst."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/S0167-9236(02)00191-4","article-title":"Critical Factors Influencing the Adoption of Data Warehouse Technology: A Study of the Banking Industry in Taiwan","volume":"37","author":"Hwang","year":"2004","journal-title":"Decis. Support Syst."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1287\/isre.1050.0045","article-title":"Post-Adoption Variations in Usage and Value of E-Business by Organizations: Cross-Country Evidence from the Retail Industry","volume":"16","author":"Zhu","year":"2005","journal-title":"Inf. Syst. Res."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1108\/JSTPM-04-2014-0012","article-title":"Integrating TAM, TPB and TOE Frameworks and Expanding Their Characteristic Constructs for e-Commerce Adoption by SMEs","volume":"6","author":"Awa","year":"2015","journal-title":"J. Sci. Technol. Policy Manag."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"147","DOI":"10.2307\/2095101","article-title":"The Iron Cage Revisited: Institutional Isomorphism and Collective Rationality in Organizational Fields","volume":"48","author":"DiMaggio","year":"1983","journal-title":"Am. Sociol. Rev."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"166","DOI":"10.1108\/09685220910964027","article-title":"E-commerce Usage and Business Performance in the Malaysian Tourism Sector: Empirical Analysis","volume":"17","author":"Salwani","year":"2009","journal-title":"Inf. Manag. Comput. Secur."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"3178760","DOI":"10.1155\/2022\/3178760","article-title":"A Maturity Framework for Zero-Trust Security in Multiaccess Edge Computing","volume":"2022","author":"Ali","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Smolji\u0107, M. (2024, January 20). European Union Directives, National Regulations, and Zero Trust Network Architecture. Proceedings of the 2024 47th MIPRO ICT and Electronics Convention (MIPRO), Opatija, Croatia. Available online: https:\/\/ieeexplore.ieee.org\/document\/10569809\/.","DOI":"10.1109\/MIPRO60963.2024.10569809"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Calder, A., and Watkins, S. (2012). IT Governance: An International Guide to Data Security and ISO27001\/ISO27002, Kogan Page. [5th ed.].","DOI":"10.2307\/j.ctt5hh4qg"},{"key":"ref_45","unstructured":"Winckless, C., and MacDonald, N. (2024, April 12). Explaining Zero Trust Security Approaches to Tech Executives 2023. Available online: https:\/\/www.gartner.com\/document\/4755131?ref=solrAll&refval=405938953&."},{"key":"ref_46","unstructured":"Durbin, S. (2025, May 25). What\u2019s Zero Trust, and What\u2019s Driving Its Adoption?. Available online: https:\/\/www.forbes.com\/councils\/forbesbusinesscouncil\/2022\/06\/01\/whats-zero-trust-and-whats-driving-its-adoption\/."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Lund, B.D., Lee, T.H., Wang, Z., Wang, T., and Mannuru, N.R. (2024, April 12). Zero-Trust Cybersecurity: Procedures and Considerations in Context 2024. Available online: https:\/\/www.preprints.org\/manuscript\/202408.0628\/v1.","DOI":"10.2139\/ssrn.4934748"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Sarfraz, M., and Ul Hassan Shah, W. (2024). Organizational Culture Change and Technology: Navigating the Digital Transformation. Business, Management and Economics, IntechOpen.","DOI":"10.5772\/intechopen.111316"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1257\/pol.20210309","article-title":"Regulating privacy online: An economic evaluation of the GDPR","volume":"16","author":"Goldberg","year":"2024","journal-title":"Am. Econ. J. Econ Polic."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"284","DOI":"10.1016\/j.techfore.2018.02.014","article-title":"Evolution of the Open Innovation Paradigm: Towards a Contingent Conceptual Model","volume":"132","author":"Lopes","year":"2018","journal-title":"Technol. Forecast. Soc. Change"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"897","DOI":"10.2307\/256344","article-title":"Organizational Assimilation of Innovations: A Multilevel Contextual Analysis","volume":"31","author":"Meyer","year":"1988","journal-title":"Acad. Manag. J."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1016\/S1353-4858(21)00063-5","article-title":"Applying the Principles of Zero-Trust Architecture to Protect Sensitive and Critical Data","volume":"2021","author":"Greenwood","year":"2021","journal-title":"Netw. Secur."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"4482","DOI":"10.1108\/ECAM-12-2022-1131","article-title":"Cybersecurity Effectiveness in UK Construction Firms: An Extended McKinsey 7S Model Approach","volume":"31","author":"Badi","year":"2023","journal-title":"Eng. Constr. Arch. Manag."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"1713","DOI":"10.1007\/s10796-022-10280-7","article-title":"Examining the Relationship between National Cybersecurity Commitment, Culture, and Digital Payment Usage: An Institutional Trust Theory Perspective","volume":"25","author":"Krishna","year":"2023","journal-title":"Inf. Syst. Front."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"72420","DOI":"10.1109\/ACCESS.2024.3402341","article-title":"The Role of Information Security Culture in Zero Trust Adoption: Insights From UAE Organizations","volume":"12","author":"Zyoud","year":"2024","journal-title":"IEEE Access"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Haddon, D.A.E. (2021). Zero Trust Networks, the Concepts, the Strategies, and the Reality. Strategy, Leadership, and AI in the Cyber Ecosystem, Elsevier. Available online: https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/B978012821442800001X.","DOI":"10.1016\/B978-0-12-821442-8.00001-X"},{"key":"ref_57","unstructured":"Cummings, T.G., and Worley, C.G. (2005). Organization Development and Change, Thomson\/South-Western. [8th ed.]."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"57143","DOI":"10.1109\/ACCESS.2022.3174679","article-title":"Zero Trust Architecture (ZTA): A Comprehensive Survey","volume":"10","author":"Syed","year":"2022","journal-title":"IEEE Access"},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1287\/isre.2017.0714","article-title":"Real Options Models for Proactive Uncertainty-Reducing Mitigations and Applications in Cybersecurity Investment Decision Making","volume":"29","author":"Benaroch","year":"2018","journal-title":"Inf. Syst. Res."},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Garc\u00eda-S\u00e1nchez, E., Garc\u00eda-Morales, V., and Mart\u00edn-Rojas, R. (2018). Influence of Technological Assets on Organizational Performance through Absorptive Capacity, Organizational Innovation and Internal Labour Flexibility. Sustainability, 10.","DOI":"10.3390\/su10030770"},{"key":"ref_61","doi-asserted-by":"crossref","first-page":"1315","DOI":"10.1007\/s10490-023-09882-9","article-title":"The Catalytic Role of \u201cResponsible Investments\u201d in Innovation and Firm Performance Link: In the Context of Manufacturing in Asia-Pacific","volume":"41","author":"Dhaigude","year":"2024","journal-title":"Asia Pac. J. Manag."},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1108\/JBS-06-2020-0116","article-title":"Cybersecurity: Investing for Competitive Outcomes","volume":"43","author":"Kosutic","year":"2022","journal-title":"J. Bus. Strat."},{"key":"ref_63","unstructured":"Kumar, V., Chaisiri, S., and Ko, R. (2017). Understanding Software-Defined Perimeter. Data Security in Cloud Computing, Institution of Engineering and Technology. Available online: https:\/\/digital-library.theiet.org\/content\/books\/10.1049\/pbse007e_ch7."},{"key":"ref_64","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1207\/S15327744JOCE1302_2","article-title":"A Meta-Analysis of Research on Information Technology Implementation in Small Business","volume":"13","author":"Premkumar","year":"2003","journal-title":"J. Organ. Comput. Electron. Commer."},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1108\/jeim.2009.08822aaa.001","article-title":"Knowledge Management and Enterprise Systems Adoption by SMEs","volume":"22","author":"Dwivedi","year":"2009","journal-title":"J. Enterp. Inf. Manag."},{"key":"ref_66","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1108\/JEIM-05-2013-0024","article-title":"Determinant Factors of Information Communication Technology (ICT) Adoption by Government-owned Universities in Nigeria: A Qualitative Approach","volume":"26","author":"Eze","year":"2013","journal-title":"J. Enterp. Inf. Manag."},{"key":"ref_67","doi-asserted-by":"crossref","first-page":"115","DOI":"10.2753\/MIS0742-1222300305","article-title":"Evolution of Governance: Achieving Ambidexterity in IT Outsourcing","volume":"30","author":"Cao","year":"2013","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"287","DOI":"10.1007\/978-3-030-59635-4_22","article-title":"ZTIMM: A Zero-Trust-Based Identity Management Model for Volunteer Cloud Computing","volume":"Volume 12403","author":"Zhang","year":"2020","journal-title":"Cloud Computing\u2014CLOUD 2020"},{"key":"ref_69","first-page":"110","article-title":"Literature Review of Information Technology Adoption Models at Firm Level","volume":"14","author":"Oliveira","year":"2011","journal-title":"Electron. J. Inf. Syst. Eval."},{"key":"ref_70","doi-asserted-by":"crossref","first-page":"102436","DOI":"10.1016\/j.cose.2021.102436","article-title":"Never Trust, Always Verify: A Multivocal Literature Review on Current Knowledge and Research Gaps of Zero-Trust","volume":"110","author":"Buck","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_71","doi-asserted-by":"crossref","unstructured":"Madsen, T. (2024). Zero-Trust\u2014An Introduction, CRC Press.","DOI":"10.1201\/9781003464587"},{"key":"ref_72","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1109\/TR.2023.3345665","article-title":"Strategy for Implementing of Zero Trust Architecture","volume":"73","author":"Tsai","year":"2024","journal-title":"IEEE Trans. Reliab."},{"key":"ref_73","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1016\/j.jss.2014.03.006","article-title":"Assessment of Institutions, Scholars, and Contributions on Agile Software Development (2001\u20132012)","volume":"93","author":"Chuang","year":"2014","journal-title":"J. Syst. Softw."},{"key":"ref_74","doi-asserted-by":"crossref","first-page":"193","DOI":"10.2307\/258434","article-title":"Upper Echelons: The Organization as a Reflection of Its Top Managers","volume":"9","author":"Hambrick","year":"1984","journal-title":"Acad. Manag. Rev."},{"key":"ref_75","doi-asserted-by":"crossref","first-page":"713","DOI":"10.1080\/09537325.2020.1840543","article-title":"How Does Knowledge Coupling Affect Exploratory and Exploitative Innovation? The Chained Mediation Role of Organisational Memory and Knowledge Creation","volume":"33","author":"Chen","year":"2021","journal-title":"Technol. Anal. Strateg. Manag."},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"1043","DOI":"10.1136\/amiajnl-2011-000575","article-title":"Mediation of Adoption and Use: A Key Strategy for Mitigating Unintended Consequences of Health IT Implementation: Table 1","volume":"19","author":"Novak","year":"2012","journal-title":"J. Am. Med. Inf. Assoc."},{"key":"ref_77","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1108\/TG-01-2024-0025","article-title":"An Extended TOE Framework for Local Government Technology Adoption for Citizen Participation: Insights for City Digital Twins for Collaborative Planning","volume":"19","author":"Adade","year":"2025","journal-title":"Transform. Gov."},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Corradini, I. (2020). Building a Cybersecurity Culture in Organizations: How to Bridge the Gap Between People and Digital Technology, Springer International Publishing. Available online: http:\/\/link.springer.com\/10.1007\/978-3-030-43999-6.","DOI":"10.1007\/978-3-030-43999-6_4"},{"key":"ref_79","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Q."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.im.2013.10.001","article-title":"Information Systems Security Policy Compliance: An Empirical Study of the Effects of Socialisation, Influence, and Cognition","volume":"51","author":"Ifinedo","year":"2014","journal-title":"Inf. Manag."},{"key":"ref_81","doi-asserted-by":"crossref","unstructured":"Nassani, A.A., Yousaf, Z., Grigorescu, A., Oprisan, O., and Haffar, M. (2023). Accounting Information Systems as Mediator for Digital Technology and Strategic Performance Interplay. Electronics, 12.","DOI":"10.3390\/electronics12081866"},{"key":"ref_82","doi-asserted-by":"crossref","first-page":"765","DOI":"10.1007\/s12553-022-00671-w","article-title":"Evaluating Value Mediation in Patients with Chronic Low-Back Pain Using Virtual Reality: Contributions for Empirical Research in Value Sensitive Design","volume":"12","author":"Smits","year":"2022","journal-title":"Health Technol."},{"key":"ref_83","doi-asserted-by":"crossref","first-page":"457","DOI":"10.1108\/JEIM-09-2018-0197","article-title":"How Does Business-IT Strategic Alignment Dimension Impact on Organizational Performance Measures: Conjecture and Empirical Analysis","volume":"32","author":"Ilmudeen","year":"2019","journal-title":"J. Enterp. Inf. Manag."},{"key":"ref_84","doi-asserted-by":"crossref","first-page":"773","DOI":"10.5465\/amj.2020.0548","article-title":"Gaining Organizational Adoption: Strategically Pacing the Position of Digital Innovations","volume":"66","author":"Karp","year":"2023","journal-title":"Acad. Manag. J."},{"key":"ref_85","first-page":"113","article-title":"Technology Readiness and Technology Acceptance Model in New Technology Implementation Process in Low Technology SMEs","volume":"8","author":"Larasati","year":"2017","journal-title":"Int. J. Innov. Manag. Technol."},{"key":"ref_86","doi-asserted-by":"crossref","unstructured":"Ilmudeen, A., Attar, R.W., and Alhazmi, A.H. (2025). Managing It Investment and Strategic Alignment for Firm Performance: A Comparative Study in Emerging Economies. Inf. Dev., in press.","DOI":"10.1177\/02666669241312160"},{"key":"ref_87","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1057\/ejis.2013.6","article-title":"Embracing Diversity through Mixed Methods Research","volume":"22","year":"2013","journal-title":"Eur. J. Inf. Syst."},{"key":"ref_88","unstructured":"Creswell, J.W. (2014). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, SAGE Publications. [4th ed.]."},{"key":"ref_89","doi-asserted-by":"crossref","first-page":"101819","DOI":"10.1016\/j.jsis.2024.101819","article-title":"Does Adopting Inner Source Increase Job Satisfaction? A Social Capital Perspective Using a Mixed-Methods Approach","volume":"33","author":"Stol","year":"2024","journal-title":"J. Strateg. Inf. Syst."},{"key":"ref_90","doi-asserted-by":"crossref","first-page":"21","DOI":"10.25300\/MISQ\/2013\/37.1.02","article-title":"Bridging the Qualitative-Quantitative Divide: Guidelines for Conducting Mixed Methods Research in Information Systems","volume":"37","author":"Venkatesh","year":"2013","journal-title":"MIS Q."},{"key":"ref_91","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1109\/MSEC.2021.3091195","article-title":"Zero Trust Architecture: Does It Help?","volume":"19","author":"Bertino","year":"2021","journal-title":"IEEE Secur. Priv."},{"key":"ref_92","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1145\/3561799","article-title":"From Zero to One Hundred: Demystifying Zero Trust and Its Implications on Enterprise People, Process, and Technology","volume":"20","author":"Bush","year":"2022","journal-title":"Queue"},{"key":"ref_93","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1016\/j.jbusres.2019.11.069","article-title":"Assessing Measurement Model Quality in PLS-SEM Using Confirmatory Composite Analysis","volume":"109","author":"Hair","year":"2020","journal-title":"J. Bus. Res."},{"key":"ref_94","doi-asserted-by":"crossref","first-page":"879","DOI":"10.1037\/0021-9010.88.5.879","article-title":"Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies","volume":"88","author":"Podsakoff","year":"2003","journal-title":"J. Appl. Psychol."},{"key":"ref_95","doi-asserted-by":"crossref","first-page":"567","DOI":"10.1287\/mksc.1120.0718","article-title":"Handling Endogenous Regressors by Joint Estimation Using Copulas","volume":"31","author":"Park","year":"2012","journal-title":"Mark. Sci."},{"key":"ref_96","doi-asserted-by":"crossref","first-page":"297","DOI":"10.25300\/MISQ\/2015\/39.2.02","article-title":"Consistent partial least squares path modeling","volume":"39","author":"Dijkstra","year":"2015","journal-title":"MIS Q."},{"key":"ref_97","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.lrp.2014.02.007","article-title":"On the Emancipation of PLS-SEM: A Commentary on Rigdon (2012)","volume":"47","author":"Sarstedt","year":"2014","journal-title":"Long Range Plan."},{"key":"ref_98","doi-asserted-by":"crossref","first-page":"382","DOI":"10.1177\/002224378101800313","article-title":"Structural Equation Models with Unobservable Variables and Measurement Error: Algebra and Statistics","volume":"18","author":"Fornell","year":"1981","journal-title":"J. Mark. Res."},{"key":"ref_99","doi-asserted-by":"crossref","unstructured":"Hair, J.F., Hult, G.T.M., Ringle, C.M., Sarstedt, M., and Danks, N.P. (2022). Partial Least Squares Structural Equation Modeling (PLS-SEM): An Updated and Extended Guide for Researchers and Practitioners, SAGE Publications.","DOI":"10.1007\/978-3-030-80519-7"},{"key":"ref_100","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1509\/jim.17.0151","article-title":"Addressing endogeneity in international marketing applications of partial least squares structural equation modeling","volume":"26","author":"Hult","year":"2018","journal-title":"J. Int. Mark."},{"key":"ref_101","unstructured":"Cohen, J. (1988). Statistical Power Analysis for the Behavioral Sciences, Lawrence Erlbaum Associates. [2nd ed.]."},{"key":"ref_102","unstructured":"Aiken, L.S., and West, S.G. (1991). Multiple Regression: Testing and Interpreting Interactions, Sage. Available online: https:\/\/books.google.com.br\/books?hl=en&lr=&id=LcWLUyXcmnkC&oi=fnd&pg=PP11&dq=108.%09Aiken,+L.S.%3B+West,+S.G.+Multiple+Regression:+Testing+and+Interpreting+Interactions%3B+Sage:+Newbury+Park,+CA,+USA,+1991&ots=fqhd_hWS2h&sig=8OvHzIAnE-aWDU2keXEfJiV4xSo#v=onepage&q&f=false."},{"key":"ref_103","doi-asserted-by":"crossref","first-page":"11786329231213706","DOI":"10.1177\/11786329231213706","article-title":"The Paradigm Shift: Healthcare Embraces a Zero Trust Approach to Cybersecurity","volume":"16","author":"Corpuz","year":"2023","journal-title":"Health Serv. Insights"},{"key":"ref_104","doi-asserted-by":"crossref","first-page":"95","DOI":"10.4135\/9781506335193.n4","article-title":"Pragmatism and the Philosophical Foundations of Mixed Methods Research","volume":"Volume 2","author":"Biesta","year":"2010","journal-title":"Sage Handbook of Mixed Methods in Social and Behavioral Research"},{"key":"ref_105","doi-asserted-by":"crossref","first-page":"1246","DOI":"10.5465\/amr.2007.26586086","article-title":"Methodological Fit in Management Field Research","volume":"32","author":"Edmondson","year":"2007","journal-title":"Acad. Manag. Rev."},{"key":"ref_106","first-page":"1","article-title":"Qualitative Research Methods in Information Systems: A Call for Phenomenon-Focused Problematization","volume":"46","author":"Monteiro","year":"2022","journal-title":"MIS Q. Manag. Inf. Syst."},{"key":"ref_107","unstructured":"Yin, R.K. (2018). Case Study Research and Applications: Design and Methods, Sage. [6th ed.]."},{"key":"ref_108","unstructured":"Corbin, J.M., and Strauss, A.L. (2015). Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, SAGE. [4th ed.]."},{"key":"ref_109","unstructured":"Miles, M.B., and Huberman, A.M. (1994). Qualitative Data Analysis: An Expanded Sourcebook, Sage Publications. [2nd ed.]."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/99\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:13:01Z","timestamp":1763442781000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/99"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,14]]},"references-count":109,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["jcp5040099"],"URL":"https:\/\/doi.org\/10.3390\/jcp5040099","relation":{},"ISSN":["2624-800X"],"issn-type":[{"type":"electronic","value":"2624-800X"}],"subject":[],"published":{"date-parts":[[2025,11,14]]}}}