Cybersecurity effectiveness in UK construction firms: an extended McKinsey 7S model approach

Abstract

Purpose–Thisstudyaimstoassesstheessentialelementsofinternalorganisationalcapabilitythatinfluence the cybersecurity effectiveness of a construction firm. An extended McKinsey 7S model is used to analyse the relationship between a construction firm’s cybersecurity effectiveness and nine internal capability elements: shared values, strategy, structure, systems, staff, style, skills, relationships with third parties and regulatory compliance. Design/methodology/approach– Based on a quantitative research strategy, this study collected data through a cross-sectional survey of professionals working in the construction sector in the United Kingdom (UK). The collected data was analysed using descriptive and inferential statistical methods. Findings–Thefindingsunderlinedsystems,regulatorycompliance,staffandthird-partyrelationships asthe most significant elements of internal organisational capability influencing a construction firm’s cybersecurity effectiveness, organised in order of importance. Researchlimitations/implications– Future research possibilities are proposed including the extension of the proposed diagnostic model to consider additional external factors, examining it under varying industrial relationship conditions and developing a dynamic framework that helps improve cybersecurity capability levels while overseeing execution outcomes to ensure success. Practical implications– The extended McKinsey 7S model can be used as a diagnostic tool to assess the organisation’s internal capabilities and evaluate the effectiveness of implemented changes. This can provide specific ways for construction firms to enhance their cybersecurity effectiveness. Originality/value– This study contributes to the field of cybersecurity in the construction industry by empirically assessing the effectiveness of cybersecurity in UK construction firms using an extended McKinsey 7S model. The study highlights the importance of two additional elements, third-party relationships and construction firm regulatory compliance, which were overlooked in the original McKinsey 7S model. By utilising this model,thestudydevelopsaconciseresearchmodelofessentialelementsofinternalorganisational capability that influence cybersecurity effectiveness in construction firms.