TY - JOUR
T1 - Taming Complexity in the Cybersecurity of Multihospital Systems
T2 - The Role of Enterprise-Wide Data Analytics Platforms
AU - Tanriverdi, Hüseyin
AU - Kwon, Juhee
AU - Im, Ghiyoung
N1 - Research Unit(s) information for this publication is provided by the author(s) concerned.
PY - 2025/3/1
Y1 - 2025/3/1
N2 - A widely accepted notion in cybersecurity practice and research posits that complexity is detrimental to cybersecurity. While this notion mainly focuses on IT, the prevalence of complexity extends beyond IT into organizational domains. Whether the assertion that complexity is detrimental to cybersecurity holds true when applied to organizational domains remains largely unexplored. Moreover, “complexity” and “complicatedness” are often used interchangeably to refer to a large number of interconnected components. We build on complexity science to distinguish the two terms: complexity arises from ad hoc, nonlinear interactions among interconnected components, whereas complicatedness arises from structured, linear interactions. The field lacks sufficient understanding of these distinctions and their implications for cybersecurity risks and mitigations. We theorize how an organization’s complicatedness and complexity in both IT and organizational domains influence cybersecurity breaches. Our context of empirical inquiry is multihospital systems (MHSs), a complex organizational form that uses IT in complex ways. Drawing on complexity science, we posit that complicatedness in medical services, health IT, and the governance arrangements of an MHS increases cybersecurity breaches. We also posit that using enterprise-wide data analytics platforms (EWDAPs) to structure and control ad hoc information sharing practices of the complicated units can reduce breaches despite adding more technology components and dependencies to enterprise IT. We tested these ideas in a sample of 445 MHSs in the U.S. spanning from 2009 to 2017. Complicatedness in medical services, health IT, and governance stands out as the primary contributor to cybersecurity breaches in MHSs. Ad hoc, nonlinear interactions contribute to complexity and exacerbate the cybersecurity breach effects of complicatedness. 
In contrast, structured interactions, exemplified by patient data sharing through an EWDAP, achieve simplification and mitigate the cybersecurity breaches associated with complicatedness. © 2025 University of Minnesota. All rights reserved.
KW - Complexity
KW - Cybersecurity
KW - Enterprise-wide data analytics platforms
KW - Multihospital systems
KW - Complicated IT
KW - Complicated services
UR - http://www.scopus.com/inward/record.url?scp=85218994453&partnerID=8YFLogxK
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85218994453&origin=recordpage
U2 - 10.25300/MISQ/2024/17752
DO - 10.25300/MISQ/2024/17752
M3 - RGC 21 - Publication in refereed journal
SN - 0276-7783
VL - 49
SP - 243
EP - 273
JO - MIS Quarterly
JF - MIS Quarterly
IS - 1
ER -