This dissertation examines the role of double-loop learning (DLL) in building cybersecurity governance in Industry 4.0 manufacturing organizations. Drawing on Argyris and Schön's organisational learning theory, the research examines actual responses of three high-profile companies—Norsk Hydro, Honda, and Tesla—to major cybersecurity attacks. In contrast to technical repair alone, the research examines the extent to which these organizations learned from their experience, examining whether they examined and redesigned fundamental assumptions, governance arrangements, and cultural norms following cyber incidents. A case study approach was used to analyze the reaction of each firm across three dimensions: the nature of the cybersecurity incident, organisational response, and evidence of double-loop learning. The research showed that firms that undertook double-loop learning were more likely to exhibit long-term resilience through embedding cyber risk in strategic planning, building cross-functional collaboration, and driving a culture of ongoing learning. Norsk Hydro's open communication and cyber governance at the board level, Honda's incorporation of IT and OT security paradigms, and Tesla's anticipatory ethical reaction to insider threats are all examples of double-loop learning in practice. Three major drivers that promote double loop learning were established through the cross-case thematic analysis: (1) the encouragement of transparency and the critical reflection of the organisation on the practices it carries out; (2) the questioning and reconsideration of the internal assumptions and mental models; and (3) the culture that enables continuous learning and adaptive changes. The key value this study adds to the existing body of knowledge is that it provides an insight into how the idea of a double-loop learning can be utilized within the realm of cybersecurity governance; it also addresses the possibility of the presence of the anticipatory learning aspect, which increases the organisational responsiveness to entering dangers organized crime. The research presents actionable policy and practice recommendations for industry leaders, policymakers, and researchers to develop learning-facilitating cybersecurity cultures. Ultimately, the thesis argues that building resilient organizations in the age of Industry 4.0 depends on the ability to learn not just from breaches, but also through continuous reflection and strategic adaptation.
This dissertation examines the role of double-loop learning (DLL) in building cybersecurity governance in Industry 4.0 manufacturing organizations. Drawing on Argyris and Schön's organisational learning theory, the research examines actual responses of three high-profile companies—Norsk Hydro, Honda, and Tesla—to major cybersecurity attacks. In contrast to technical repair alone, the research examines the extent to which these organizations learned from their experience, examining whether they examined and redesigned fundamental assumptions, governance arrangements, and cultural norms following cyber incidents. A case study approach was used to analyze the reaction of each firm across three dimensions: the nature of the cybersecurity incident, organisational response, and evidence of double-loop learning. The research showed that firms that undertook double-loop learning were more likely to exhibit long-term resilience through embedding cyber risk in strategic planning, building cross-functional collaboration, and driving a culture of ongoing learning. Norsk Hydro's open communication and cyber governance at the board level, Honda's incorporation of IT and OT security paradigms, and Tesla's anticipatory ethical reaction to insider threats are all examples of double-loop learning in practice. Three major drivers that promote double loop learning were established through the cross-case thematic analysis: (1) the encouragement of transparency and the critical reflection of the organisation on the practices it carries out; (2) the questioning and reconsideration of the internal assumptions and mental models; and (3) the culture that enables continuous learning and adaptive changes. The key value this study adds to the existing body of knowledge is that it provides an insight into how the idea of a double-loop learning can be utilized within the realm of cybersecurity governance; it also addresses the possibility of the presence of the anticipatory learning aspect, which increases the organisational responsiveness to entering dangers organized crime. The research presents actionable policy and practice recommendations for industry leaders, policymakers, and researchers to develop learning-facilitating cybersecurity cultures. Ultimately, the thesis argues that building resilient organizations in the age of Industry 4.0 depends on the ability to learn not just from breaches, but also through continuous reflection and strategic adaptation.
Double-Loop Learning and Cybersecurity Governance in Industry 4.0: A Case Study Analysis of Norsk Hydro, Honda, and Tesla
AKRAM, NIMRA
2024/2025
Abstract
This dissertation examines the role of double-loop learning (DLL) in building cybersecurity governance in Industry 4.0 manufacturing organizations. Drawing on Argyris and Schön's organisational learning theory, the research examines actual responses of three high-profile companies—Norsk Hydro, Honda, and Tesla—to major cybersecurity attacks. In contrast to technical repair alone, the research examines the extent to which these organizations learned from their experience, examining whether they examined and redesigned fundamental assumptions, governance arrangements, and cultural norms following cyber incidents. A case study approach was used to analyze the reaction of each firm across three dimensions: the nature of the cybersecurity incident, organisational response, and evidence of double-loop learning. The research showed that firms that undertook double-loop learning were more likely to exhibit long-term resilience through embedding cyber risk in strategic planning, building cross-functional collaboration, and driving a culture of ongoing learning. Norsk Hydro's open communication and cyber governance at the board level, Honda's incorporation of IT and OT security paradigms, and Tesla's anticipatory ethical reaction to insider threats are all examples of double-loop learning in practice. Three major drivers that promote double loop learning were established through the cross-case thematic analysis: (1) the encouragement of transparency and the critical reflection of the organisation on the practices it carries out; (2) the questioning and reconsideration of the internal assumptions and mental models; and (3) the culture that enables continuous learning and adaptive changes. The key value this study adds to the existing body of knowledge is that it provides an insight into how the idea of a double-loop learning can be utilized within the realm of cybersecurity governance; it also addresses the possibility of the presence of the anticipatory learning aspect, which increases the organisational responsiveness to entering dangers organized crime. The research presents actionable policy and practice recommendations for industry leaders, policymakers, and researchers to develop learning-facilitating cybersecurity cultures. Ultimately, the thesis argues that building resilient organizations in the age of Industry 4.0 depends on the ability to learn not just from breaches, but also through continuous reflection and strategic adaptation.| File | Dimensione | Formato | |
|---|---|---|---|
|
Akram_Nimra.pdf
Accesso riservato
Dimensione
3.99 MB
Formato
Adobe PDF
|
3.99 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/87209