This study examines the dynamic stages of exploration and exploitation efforts by organizations in their cybersecurity responses using multistate modeling. Using textual data from the annual 10-K reports of S&P 100 organizations, this study uses a combination of text analytics and Markov chain approach to quantify exploration and exploitation in organizational cybersecurity responses. The study models two and four states of exploration and exploitation based on their cybersecurity responses over time and uses a continuous-time Markov chain approach to analyze transitions between states as organizations adapt their responses over time to achieve ambidexterity. The two-state Markov model focuses on the firm-level Exploration and Exploitation states whereas the four-state model captures deeper levels of exploration and exploitation by considering Surviving, Investigating, Reinforcing, and Balancing as possible states for exploration and exploitation of cybersecurity responses. We analyze the dynamics of organizational exploration-exploitation behaviors by modeling longitudinal transition probabilities across different states. Implications for research and practice are discussed.

本研究使用多状态建模检查了组织在其网络安全响应中探索和利用工作的动态阶段。本研究使用来自标准普尔 100 指数组织的年度 10-K 报告的文本数据，结合使用文本分析和马尔可夫链方法来量化组织网络安全响应中的探索和利用。该研究根据网络安全响应随时间推移对两种和四种探索和利用状态进行建模，并使用连续时间马尔可夫链方法来分析状态之间的转换，因为组织会随着时间的推移调整其响应以实现二元性。两态马尔可夫模型侧重于公司层面的探索和利用状态，而四态模型通过将生存、调查、加强和平衡作为探索和利用网络安全响应的可能状态来捕捉更深层次的探索和利用。我们通过对不同状态的纵向转换概率进行建模来分析组织探索-利用行为的动态。讨论了对研究和实践的影响。