Publication records

This paper sheds fresh light on our 2010 paper How Open Is Innovation by taking into consideration notable developments in innovation over the last decade. The original paper developed four types of openness: sourcing, acquiring, selling, and revealing. Reflecting on important technological, organizational, and societal changes in the past decade, we highlight how these changes prompt novel questions for open innovation. While the core features of the original framework still stands, there are many new questions that have emerged in recent years. We end by chartering a path for future research that emphasizes opportunities, costs and tradeoffs between different modes of open innovation, the need to better understand the nature of data, new organizational designs and legal instruments, and multilevel aspects and relationships that affect the extent and nature of openness.

With permission of Elsevier

Since its foundation 30 years ago, the Federal Office for Information Security (BSI) has developed into an internationally and nationally recognized center of competence for IT security. With a steady increase in tasks, the discussion about the governance of the office has become stronger - many voices are calling for greater independence of the BSI. The article examines the reasons for and options for greater independence of the agency. As a result, it argues for a further development of the agency's governance that represents a balance between independence and political responsibility.

[Seit seiner Gründung vor 30 Jahren hat sich das BSI zu einem international und national anerkannten Kompetenzträger für IT-Sicherheit entwickelt. Mit stetigem Aufgabenzuwachs ist die Diskussion über die Steuerung des Amtes stärker geworden – viele Stimmen fordern eine größere Unabhängigkeit des BSI.]

The article survey the current situation concerning the operative cybersecurity cooperation of public and private-sector entities in Germany and compares it with solutions implemented in the United States, Israel, and the United Kingdom. Subsequent to the analysis, the establishment of trust between the different involved actors is identified as the principal challenge for efficient cooperation in this subject area.

[Der vorliegende Artikel stellt die bisherige Situation der operativen Zusammenarbeit zwischen Staat und Wirtschaft in der Cybersicherheit in Deutschland dar und vergleicht sie mit den Lösungen, die in den USA, Israel und Großbritannien für das gleichlautende Problem gefunden worden sind. Im Anschluss wird die Herstellung von Vertrauen zwischen den beteiligten Akteuren als größte Herausforderung für eine effiziente Zusammenarbeit näher beleuchtet.]

This article presents a novel way to conceptualize the protection of data in situations of armed conflict. Although the question of the targeting of data through adversarial military cyber operations and its implications for the qualification of such conduct under International Humanitarian Law has been on scholars’ and states’ radar for the last few years, there remain a number of misunderstandings as to how to think about the notion of “data.” Based on a number of fictional scenarios, the article clarifies the pertinent terminology and makes some expedient distinctions between various types of data. It then analyzes how existing international humanitarian and international human rights law applies to cyber operations whose effects have an impact on data. The authors argue that given the persisting ambiguities of traditional concepts such as “object” and “attack” under international humanitarian law, the targeting of content data continues to fall into a legal grey zone, which potentially has wide-ranging ramifications both for the rights of individual civilians and the functioning of civilian societies during situations of conflict. At the same time, much legal uncertainty surrounds the application of human rights law to these contexts, and existing data protection frameworks explicitly exclude taking effect in relation to issues of security. Acknowledging these gaps, the article attempts to advance the debate by proposing a paradigm shift: Instead of taking existing rules on armed conflict and applying them to “data,” we should contemplate applying the principles of data protection, data security, and privacy frameworks to military cyber operations in armed conflict.

Multi-sided platform markets have tendency to “tip”, that is, one MSP takes it all or dominates the market by far. Due to dynamics of these markets it is however challenging to identify which markets will tip and the characteristics of tipping candidates ex-ante (before tipping). The European Commission has expressed the need for a new competition tool to identify and assess the likelihood of tipping. Based on a review of factors that foster and mitigate tipping we propose four key questions that may help in ranking multi-sided platform markets by the likelihood of tipping. Tipping is less likely if there are factors that 1) diminish the value of a growing multi-sided platform, 2) ease smaller rivals’ user acquisition, 3) make smaller rivals attractive to at least some users, and 4) make none of the established platforms stronger via activities in another market.

In this short paper, we discuss the impact of data analytics in services and delineate future research directions for the field. After illustrating how data analytics are transforming different service sectors, we consider the provision of data analysis as a service in its own right. We discuss how the very nature of data and certain features of the machine learning method give rise to new issues and pitfalls for the management of these services, which delineates as many future research directions. We also discuss the co-production of services by humans and machines, and call for more research on responsible data analytics services to tackle some of the most pressing ethical issues in our societies.

Copyright © 2020, INFORMS

Crowdsourcing—asking an undefined group of external contributors to work on tasks—allows organizations to tap into the expertise of people around the world. Crowdsourcing is known to increase innovation and loyalty to brands, but many organizations struggle to leverage its potential, as our research shows. Most often this is because organizations fail to properly plan for all the different stages of crowd engagement. In this paper, we use several examples to explain these challenges and offer advice for how organizations can overcome them.

GitLab is a software company that works “all remote” at the scale of more than 1000 employees located in more than 60 countries. GitLab has no physical office and its employees can work from anywhere they choose. Any step of the organizational life of a GitLab employee (e.g., hiring, onboarding and firing) is performed remotely, except for a yearly companywide gathering. GitLab strongly relies on asynchronous coordination, allowing employees to work anytime they want. After highlighting some of the main practices implemented by GitLab to effectively work all remotely and asynchronously, I asked renowned organizational scientists their thoughts on this interesting case and to question the generalizability of the all remote asynchronous model. Understanding whether and under what conditions this model can succeed can be of guidance for organizational designers that are now considering different remote models in response of the COVID-19 shock and its aftermath.

The World Health Organization seeks effective ways to alert its member states about global pandemics. Motivated by this challenge, we study a public agency’s problem of designing warning policies to mitigate potential disasters that occur with advance notice. The agency privately receives early information about recurring harmful events and issues warnings to induce an uninformed stakeholder to take preemptive actions. The agency’s decision to issue a warning critically depends on its reputation, which we define as the stake- holder’s belief regarding the accuracy of the agency’s information. The agency faces then a trade-off between eliciting a proper response today and maintaining its reputation in order to elicit responses to future events.
We formulate this problem as a dynamic Bayesian persuasion game, which we solve in closed form. We find that the agency sometimes strategically misrepresents its advance information about a current threat in order to cultivate its future reputation. When its reputation is sufficiently low, the agency downplays the risk and actually downplays more as its reputation improves. By contrast, when its reputation is high, the agency sometimes exaggerates the threat and exaggerates more as its reputation deteriorates. Only when its reputation is moderate does the agency send warning messages that fully disclose its private information.
Our study suggests a plausible and novel rationale for some of the false alarms or omissions observed in practice. We further test the robustness of our findings to imperfect advance information, disasters without advance notice, and heterogeneous receivers.

Copyright © 2020, INFORMS

How can a company commit to maximizing stakeholder value while maintaining financial performance? Companies increasingly have the ambition to provide stakeholder value to their owners and shareholders, employees, consumers, suppliers, partners, the environment, and future generations. However, such companies often face difficulties in demonstrating the value they bring to stakeholders, due to the lack of universal methods for assessing their impact. Besides the practical need to develop a method for impact valuation, we researched the existing literature and discovered the lack of a holistic method to evaluate all impacts of a company using a common currency with flexible adaptations at different levels. We developed a new method called Sustainable Business Value (SBV) to address these gaps and enable companies to evaluate their impacts. We tested the SBV in two pilots. The SBV method differs from currently used methods, including sustainability reporting, sustainability rating and indices, and sustainability accounting. SBV can be used for decision-making, portfolio management, benchmarking, stakeholder communication, investor communication, and business development and also provides a comprehensive perspective of a company’s impact across six standardized dimensions. However, further development and standardization of proxies and cross-industry standards are needed.