1. Introduction
Over time, the development of information technology continues to progress, this changes the paradigm of conventional activities into digital activities. Digital transformation provides benefits for organizations or companies and even governments such as increasing the speed and accessibility of communication, performance effectiveness, and operational cost efficiency [
1]. Of course, this is a new opportunity for organizations or companies to be able to improve product quality by utilizing digital technology. However, in addition to providing benefits, digital transformation in business processes also opens up opportunities for information technology security threats such as cyber-attacks on their assets [
2]. Cyber-attacks can range from individual attacks to attacks on confidential company data that can cripple the business processes of an organization or company. To perform unauthorized intrusion into the organization’s existing information technology (IT) or information systems (IS) infrastructure, this can be done through the spread of malware, viruses, ransom ware, and spam on users’ emails, resulting in attempted theft of sensitive data. Data or attacks that are easier to carry out.
The National Cyber Security Operations Center in Indonesia noted that there were millions of cases of cyber-attacks in less than 1 year. Based on these figures, shows the high number of cyber-attacks, and the number of these attacks may continue to increase in the future. The complexity of cyber-attacks continues to grow over time [
3], and the results of a survey conducted on several previous studies show that more than 90% of the security administration staff of organizations have not been able to deal with and make good efforts in dealing with cyber-attacks despite warnings [
4].
The impact and losses caused by cyber-attacks on organizations or companies are very large [
5]. The loss of sensitive data for companies [
6], resulting in a decline in organizational reputation [
7], these are some of the impacts of cyber-attacks that cause economic losses for organizations, both in terms of very high costs and revenues [
8], even greater the impact of losses incurred. It is felt and based on available data, many organizations do not report incidents of cyber-attacks, and this is done to protect the good name of the organization or company [
9].
The high frequency of cyber-attacks and the magnitude of the losses and impacts that must be borne by the organization or company shows how important it is for the organization or company to have good and appropriate cyber security to protect organizational resources. Organizations or companies that have good and appropriate cyber security can improve their reputation [
10] and facilitate the achievement of competitive advantage and organizational performance [
11]. Cyber security is an effort to protect IT and IS assets from illegal access that can damage or alter confidential data and also paralyze business processes [
12]. Cyber security also requires the participation of people, processes, and technology within the organization to protect the organization, people, and IT infrastructure collectively from cyber-attacks [
13]. However, described by Smith et al. [
10] that it takes awareness and shared commitment within organizations to prevent, detect, and counter cyber-attacks before organizations can have cyber security [
13]. This study describes cyber security readiness as the level of cognition, readiness, and organizational support to prevent and fight cyber-attacks [
14]. Organizations that have high IT security readiness, can be sure to have a high level of organizational security to protect their resources. And conversely, the indifference of the organization to cyber security readiness, the more vulnerable and the higher the risk of the threat of cyber-attacks on organizational assets. The reluctance of organizations to adopt cyber security will be a big challenge for organizations to meet the resource requirements to create a level of cyber security to protect company assets [
5]. This situation can harm organizational performance towards organizational profits [
2,
15].
Literature studies show that there are not many previous studies that discuss the effect of cyber security readiness and technology on organizational performance, previous studies tend to examine the role of cyber security in reducing threats and attacks and examine the role of information security management in investment decision making [
16] and updating system security administrative information [
17]. Organizational compliance with cyber security regulations and standards can empower organizations to perform security checks, system checks, backup recovery, and contingency planning [
18,
19,
20,
21]. In previous studies, it was stated that organizations can gain profits and a better reputation if organizations can ensure cyber security within their organizations [
10,
22]. And despite the importance of cyber security readiness and technology readiness in improving organizational performance, there has been no empirical research to determine the impact of cyber security and technology readiness on organizational performance.
Based on previous research focusing on factors that enhance cyber security, several general factors affect cyber security readiness, such as adequate IT infrastructure [
21], executive management commitment [
17], business capabilities [
22], traditions within the organization [
23], collaborating with competitors [
24], establishing relationships with partners [
25], government policies [
26], government support [
27], and industry benchmarks [
28]. The use of the above factors is also based on several theories including institutional theory and macro ergonomics theory, which includes internal organizational factors and ignores the external environment [
17,
21,
27] and prevention theory [
29]. In his research, Quinnley et al. [
30], mentions that the internal and external environmental factors of the organization need to be included in cyber security research. Wang et al. [
31] argued that high-tech people are comfortable with innovative technology, while low-tech people tend to avoid new technology. There are limitations to the research carried out which is the gap between this research and previous research that has not fully understood the broad set of factors to determine its impact on cyber security readiness. This is realized well because of the limitations of the researcher’s perspective which is only based on individual theories from previous research.
Therefore, to solve the problems and limitations presented in this study, a conceptual model was developed to examine all the common factors that affect an organization’s cyber security readiness and their impact on performance at the same time. Thus, this study examines more deeply two perspectives, the first is how an organization’s cyber security readiness affects organizational performance from a security perspective, tangible benefits, and intangible benefits. Then secondly we examine how technology readiness affects organizational performance from the perspective of security, tangible benefits, and intangible benefits.
To find out the main factors that have an impact on the cyber security readiness of an organization, this study uses three variables, namely technology, organization, and environment [
32,
33,
34,
35,
36], while from the aspect of technology readiness it uses four variables, namely optimism, innovation, discomfort, and insecurity. These variables are then integrated into a holistic, robust, and flexible framework that is used at the organizational level [
33] which covers all perspectives of the organization both internal and external. Furthermore, the use and technology aspects of this framework are supported by strong empirical methods in previous studies of corporate information systems [
17,
37,
38,
39,
40,
41]. Furthermore, the flexible nature of this framework allows for the addition of new variables and theories within a single study.
To answer whether organizational cyber security readiness and technology readiness affect organizational performance from a security perspective [
42,
43], tangible and intangible benefits, it is necessary to examine the impact of organizational cyber security readiness and technology readiness on the performance of tangible and intangible benefits [
44], mediated by cyber security performance.
Therefore, this research is expected to be able to examine in depth the key factors that affect an organization’s cyber security readiness, so that it can contribute and provide recommendations to organizations that use cyber security to protect assets and improve company performance.
6. Discussion
To answer the question in this study, namely whether organizational cyber security readiness and technology readiness affect organizational performance from a security perspective, tangible and intangible benefits. So the findings in this study will be discussed in detail in the following discussion:
Technological factors, the test results show the influence of technological factors on the readiness of the organization to maintain its cyber infrastructure and services. This is in line with the research of Kong et al. [
16] that a good IT infrastructure can encourage organizations to increase their preparedness in the face of cyber-attacks. Therefore, the organization’s special attention to the development of IT infrastructure is an important factor that can be utilized by organizations to increase organizational readiness to protect organizational resources from cyber-attacks. Organizations can grow their IT infrastructure by ensuring the availability of IT experts, IT tools, and software applications that businesses need to maintain and manage cyber security. Organizations can also improve cyber security readiness by making the most of their IT resources.
Organizational factors, the test results show that organizational factors influence organizational readiness to maintain cyber security infrastructure and services. This finding is in line with the results of previous studies which explained that organizations need to ensure top management provides support and commitment to security [
17,
20,
25,
56]. Top management’s contribution as a form of support for the organization’s cyber security can be demonstrated in the form of cyber security regulations, policies, strategies, and standards. Hsu et al. [
17] in their research explained that compliance with information security behavior is influenced by competence and commitment, and compliance with cyber security policies and intention to violate among employees affects cyber security readiness [
24,
57,
95]. Therefore, the results of this study support the results of studies in previous studies that having skilled human resources in cyber security management can affect the cyber security readiness of an organization. Therefore, organizations can improve employee skills in managing cyber security by providing cyber security skills training to the IS team regularly and ensuring the availability of resources that support the training process.
This study also shows the results that an organization’s cyber security readiness is influenced by organizational culture, where organizations that have good cultural support will be better prepared to face cyber-attacks. These findings support the findings of previous studies examining cyber security innovations [
17,
25,
60]. Organizations that are ready to face cyber-attacks and secure organizational resources are organizations that can manage organizational values, beliefs, and habits related to improving organizational cyber security well. Providing support for activities and collaboration across groups and encouraging team members to contribute to cyber security are various ways that organizations can improve organizational culture. In addition, organizations need to provide information about cyber security incidents and failures that occurred in various units, this is to prevent similar incidents from happening again in the future.
Environmental factors, the test results prove that there is an environmental influence on the organization’s readiness to maintain the organization’s cyber infrastructure and services. This finding supports the findings of previous research which explains that good cooperation between organizations, suppliers, and business partners can increase organizational readiness to face cyber-attacks [
29,
96,
97]. Activities that can be carried out to create good relations between the organization and stakeholders in addition to helping each other but can also be done by communicating openly for security accountability. In addition to the organization’s collaboration with suppliers and partners in this study, it was found that government regulations and organizational compliance with industry standards have a significant impact on the organization’s cyber security readiness. This finding supports the findings of previous studies examining cyber security rule violations and the protection of critical infrastructure [
30,
34]. Organizational compliance with cyber security laws and regulations as well as compliance with industry standards have proven to make organizations better prepared for the threat of cyber-attacks. The organization believes that government support and industry-standard guidance can reduce the risk of cyber-attack incidents. This shows the important role of government support for cyber security readiness which is manifested in regulations and laws as well as organizational compliance with business rules and laws that have been issued by the government. In addition, it is also important for organizations to follow industry standards that have been set as best practices and guidelines for combating cyber-attacks and it is proven that compliant organizations are better prepared to deal with cyber-attacks and increase organizational readiness to protect their IT resources.
Furthermore, it is seen that both cyber security and technology readiness have a significant influence on organizational security performance. This finding is in line with the research results of Angst et al. [
23], and Wang, et al [
31]. The findings also suggest that increased cyber security readiness and technology readiness can help organizations to gain an edge in organizational security performance. Reduced data breaches, good security reputation, increased security of internal processes, and reliable systems for processing information, are some of the security performance advantages that companies achieve by increasing cyber security and technology readiness. In addition, this study proved that there is a significant effect of organizational security performance on the performance of tangible and intangible benefits, this result is under the findings of Eccles et al. [
72]. The results show that achieving superior performance in organizational security brings with it superior material benefits such as sales and revenue growth and intangible performance, namely good corporate image and reputation, customer loyalty, and competitive position.
7. Conclusions and Research Implications
Organizations are expected to have cyber security preparedness, given the risk of cyber-attack threats that continue to increase all the time. This study examines the factors that affect cyber security readiness as well as technology readiness by integrating these factors into a comprehensive framework. This finding proves that all factors have a significant impact on cyber security and technology readiness. Therefore, the findings of this study have provided new knowledge for organizations to properly manage and maintain key factors to ensure organizational cyber security readiness. In addition, this study also proves that cyber security readiness and technology have a significant influence on the performance of organizational tangible and intangible benefits mediated by organizational security readiness. And overall, this research adds to cyber security research and practice. In this study, there are still shortcomings that need to be corrected in further research. Some of the shortcomings in this study are the limited scope of research which is only limited to Indonesia, so that future research can consider organizations from other countries when the factors studied in this study have different levels of meaning and context. Furthermore, based on the test results, collaboration with competitors is known to have a significant impact on cyber security readiness, there is no concern and suspicion of fraud attempts by competitors, avoidance of sharing knowledge of security ideas and skills with competitors and privacy concerns allow collaboration with competitors to have a significant impact about cyber security readiness. Therefore, studies that will be carried out in the future can examine in depth the influence of competitor collaboration on cyber security readiness. In this study using a quantitative approach where data collection is done through online questionnaires, further research can complement it with qualitative research to increase a deeper understanding of various factors that can affect organizational security readiness and performance. And lastly, further research is expected to be able to examine more deeply cyber security readiness, technology readiness, and its influence on overall organizational performance.
In the research conducted, the researcher proposes a conceptual model to determine cyber security readiness, organizational technology readiness, and its impact on organizational security performance. This research contributes knowledge for other researchers who will study cyber security can use the conceptual model proposed in this study by combining several theories. Therefore, this study also helps future researchers to more easily understand the relationship between cyber security readiness, technology readiness, and performance by conducting an empirical study on the effect of cyber security readiness on the performance of tangible and intangible benefits mediated by organizational security performance. Meanwhile, this research has impact to the society because the good cooperation and good organization will be achieved. it also increases the social cooperation responsibility. This research can complement previous research that has been done and prove that cyber security readiness and organizational technology readiness can improve security performance, tangible and intangible benefits of organizations. In addition, this research also practically highlights the importance of three factors that empirically show the impact on cyber security readiness, as well as the four main factors that influence technology readiness. If the organization wants the organization’s cyber security to be well maintained, then the organization must pay more attention to managing these important factors. In addition, organizations must also ensure that there is support from executive management and organizational culture that is directed at cyber security attacks to reduce the risk of threats of attacks on company resources that can negatively impact company performance. Top management support can motivate for organizations to be able to develop appropriate strategies and guidelines for managing organizational cyber security. An organization’s compliance with industry standards, regulations, and laws set by the government to protect an organization from cyber-attacks can improve an organization’s cyber security preparedness. Ultimately, the results of this study can help organizations determine the relationship between cyber security readiness, technology readiness, tangible benefits, and intangible benefits. This is to encourage organizations to pay more attention to cyber security management strategies and cyber security guidelines that are right for business so that organizations are better prepared to face cyber-attacks and provide positive business benefits by achieving superior business performance.
Furthermore, this study limited the constructed variable of cyber security adoption to the three concept variables, namely technology context, organizational context, and environment context. In the future, other contexts such as the government context can be added, government is considered as the important variable since it cannot be separated from the basic of public policy which in turn has a significant impact on the in fluency of cyber security adoption. At the same time, it is possible to the future research to compare the state in different countries, even different continents, it gives the possibility of comparison depending on the level of development of the country as well as other factors that influence the level of cyber security, such as regional conflicts on local or international scope.