This research explores the development and implementation of post-data breach strategies in organizations, focusing on the differences between public and private sectors. By examining various approaches to strategy formation, the study provides insights into enhancing data breach response capabilities. The research employed a multi-case study approach, involving interviews with Chief Information Security Officers (CISOs) and Data Protection Officers (DPOs) from various organizations. The main findings reveal that public and private organizations differ subtly in their strategy formation processes, with common challenges such as resource allocation, preparation, awareness, and conflict of interest. Internal and external influences, including organizational structure, sector, IT capabilities, regulatory requirements, and stakeholder involvement, play crucial roles in shaping post-data breach strategies. Organizations adopt a mixed-mode approach, combining planning, adaptive, and entrepreneurial modes to address unexpected incidents and adapt their strategies as new information becomes available. Key factors influencing strategy formation include sector-related influences, regulatory requirements, resource availability, and management involvement. The findings emphasize the importance of tailored approaches based on sector-specific needs, leveraging internal and external influences, and adopting a dynamic strategy formation process to enhance organizational resilience against cyber threats.
- Post-Data Breach
- Post-Breach Strategies
- Public vs Private Organizations
- strategy formation
- strategy formation influences
- Master Business Process management & IT (BPMIT)
Post Data Breach Strategies Formation: A Multi-case study on Post Data Breach Strategy Formation Process in Public and Private Organizations
Maas, I. (Author). 25 Apr 2025
Student thesis: Master's Thesis