Complementary Resource Effects Across Organizational Boundaries and the Remediation of Security Incidents

Organizations experience frequent cyber-attacks, and recovery comes at a high cost. Of especially high concern are those breaches involving inter-organizational networks, since repercussions can quickly spread across organizations. We report on a case study of such a security incident. Inter-organizational cooperation was required to detect the scope of the breach and to recover from its effects. Drawing on the resource based view (RBV), we propose that effective response to security incidents relies on bundles of complementary resources (assets and capabilities) available to the cooperating parties. We identify institutional, technical, and organizational resources used during incident response, and analyze to what extent each was complementary to or non-compatible with other resources. Our findings suggest that resources can be complementary in some situations and not complementary in other situations. We identify specific forms of non-compatibility, and offer suggestions for further research which would aim to help organizations assemble resource bundles to effectively respond to network breaches that can impact inter-organizational relationships.