Moving towards agile cybersecurity incident response: A case study exploring the enabling role of big data analytics-embedded dynamic capabilities

Organizations are at risk of cyber-attacks more than ever before due to the ongoing digitalization of business operations. Industry reports indicate that it is not a matter of if but when organizations become victims of cyber-attacks or breaches. In this research, we argue that organizations must enable agility in their incident response (IR) to quickly respond to diverse cybersecurity threats, and big data analytics (BDA) plays a pivotal role in enabling agility in the IR. Drawing from dynamic capabilities theory, we conducted a field study using a case study approach to examine the following research question: What dimensions of big data analytics-embedded dynamic capabilities enable agility in cybersecurity incident response? We develop a framework that presents five key dimensions of BDA-embedded dynamic capabilities (data consolidation, threat intelligence, incident investigation, analytical skillset, and cybersecurity analytics warehouse) in IR at four specific stages, that is, manual analysis, basic analytics, advanced analytics, and pervasive analytics. The detail of the framework explains how BDA-embedded dynamic capabilities at the pervasive analytics stage enable agility in IR by infusing agile characteristics of flexibility, speed, and learning in IR. This study contributes to the knowledge of IT-embedded dynamic capabilities and cybersecurity IR agility. Detailed recommendations are also provided for potential practitioners.