Unlocking complementary assets in digital security

Abstract: Due to increased risk of cyberattacks, digital security (DS, hereinafter) is one of the leading challenges facing organizations today. New ways of working and technologies such as agile and the cloud have accelerated security risks with profound implications. Regulators have implemented a range of security regulations for firms to comply with such as NIS, NIS2, DORA, and GDPR. However, there is still a lack of clear guidance on organizational best practices to manage DS resources in a constantly evolving threat and regulatory landscape. By drawing from management literature on the resource-based view and dynamic capabilities, this study aims to fill the gap in DS research through an explorative, qualitative study using complementary assets as a conceptual framework. The empirical results highlight that organizations that successfully convert generalized complementary assets into specialized and cospecialized assets are in a better position to address DS threats and regulatory changes. The conversion process is supported by external consultants and AI vendors at the intrafirm level and through external collaborations at the interfirm level. Finally, this study underscores the importance of orchestration of complementary assets and highlights the need to determine an optimum level of (co)specialization.