Cybersecurity Threats in Local Government: A Sociotechnical Perspective

Abstract

The use of information and communication technologies (ICTs) by local governments is widespread and meant to improve managerial effectiveness and public engagement. ICTs are commonly used by governments to collaborate and communicate with stakeholders. Yet, the use of ICTs increases local governments exposure to cyberthreats. Cyberthreats are increasing and local governments are often under-resourced and underprepared for them. While many organizations combat cyberthreats with technological solutions, it is well known that social aspects—including manager vigilance and buy-in—are critical in reducing cyber incidents. Thus, governments require both social and technical solutions to cyberthreats. This research takes a sociotechnical perspective to examine the relationships between social (e.g., values and perceptions) and technical factors (e.g., design and capacity) and cyber incidents in local government. We use data from a 2018 national survey of public managers in 500 U.S. cities, data from city government websites, and the U.S. Census. The results indicate that manager buy-in and perceptions interact with technical aspects to explain reported cyber incidents in government. The findings expand our understanding of how social and technical factors are associated with cyberthreats in government, particularly manager.

Keywords

Local government social media managerial perceptions

Introduction

Local governments use information and communication technologies (ICTs) to enhance government performance by improving managerial effectiveness and public service delivery. Many governments have successfully adopted ICTs to improve service delivery, transparency, and trust. Governments face the challenge of using ICTs to actively engage the public and stakeholders, enhance internal collaboration and coordination efforts, and advance open data initiatives while ensuring the protection of individual rights, privacy, and data security. Technology adoption does not happen in a vacuum. Managers and their organizations adopt and use technologies to advance their goals and interests and in turn technologies shape and alter their individual and organizational practices (Orlikowski, 2000). For example, public organizations have adopted ICTs to advance organizational efficiencies and the achievement of public outcomes, but those same technologies bring increased exposure to cyberthreats. Therefore, governments must balance opportunities with threats and have sufficient manager buy-in to be successful.

According to an Accenture (2016) study, the public sector experiences around 50 times more cybersecurity threats as compared to other industries, leaving governments vulnerable and often lacking the technological capacity and confidence to monitor and limit the threats. Cyberattacks are a growing threat especially for state and city governments who are typically less prepared to combat them. Ransomware attacks have shut down school systems, pipelines, large city governments, and water treatment facilities resulting in excessive government payments to deal with economic fallout and regain control over digital systems and infrastructure (Muggah & Goodman, 2019; Tong & Perlroth, 2021). Nearly 70% of reported ransomware attacks are against state and local governments and result in financial loss, reputational damage, and loss of trust (Muggah & Goodman, 2019). U.S. local governments are particularly vulnerable targets because their digital infrastructures are weak and outdated, they typically do not have strong political support to address cybersecurity, and staff often lack the skills to prepare, prevent, and respond to cyberattacks. Additionally, compared to other nations, the United States lacks a systematic national policy, legislation, and funding to guide cities toward cybersecurity.

Cybersecurity is a key challenge to the success of digital government (Grubmüller et al., 2013) and relates to both individual and organizational factors as technology uptake, use, and effectiveness are inextricably interwoven with social factors, individual perceptions, and organizational capacity (Orlikowski, 2000). Sociotechnical theory notes that technology adoption and use have both social and technical aspects. When organizations adopt technologies, the success, failure, and conditions of that adoption are connected to technology characteristics and organizational features, including social structure. From a sociotechnical perspective, technologies intertwine with individual agency, perceptions, behavior, and social structure (Appelbaum, 1997; Leonardi, 2012).

Empirical research finds that technologies are not always applied how they were originally intended, and their adoption impacts the social structure of organizations (Rice, 1953; Trist & Bamforth, 1951). Individual and organizational use of ICTs expose governments to cyberthreats because they expand digital entry points to the system and the use of third-party applications limit the control agencies have over data protection and privacy (Feeney & Porumbescu, 2020; Mergel, 2013, 2015). Meijer (2015) notes that a lack of technical and financial capacity in government organizations exacerbates digital security and privacy challenges, limiting the success of the ICT and other e-government initiatives. Drawing on socio-technical theory and building on Meijer’s work, we investigate the following research question: how are managerial perceptions of social media, managerial perceptions of open data initiatives, and organizational capacity related to local government managers’ reports of privacy and security threats? We focus on managerial perceptions because public managers often lead social media use in city government and are responsible for regulating and monitoring technical problems (Fusi & Feeney, 2018; Picazo-Vela et al., 2012).

We examine the relationships between social and technical factors and two types of cyber incidents in local government: unauthorized disclosures and disruptive cyberattacks. Unauthorized disclosures include the unauthorized access or misuse of information and the stripping away of the confidentiality of personal data (Bertot et al., 2012; Layne & Lee, 2001; Picazo-Vela et al., 2012; Zavattaro & Sementelli, 2014). Disruptive cyberattacks, as outlined by Simmons et al. (2014), refer to any insertion of malware that disrupts the agency activities, including ransoms or breaches (Bertot et al., 2012). We analyze variation in reports of unauthorized disclosures and disruptive cyberattacks as related to social aspects (e.g., managerial perceptions of social media and open data initiatives) and technology capacity (e.g., social media use, open data efforts, and ICT use for collaborative work purposes). We use data from a 2018 representative survey of U.S. local government managers merged with data from city government websites and the U.S. Census. The findings include that both managerial support for social media use and open data initiatives, and organizational technical capacity are related to cyber incidents in local government.

The paper is organized as follows. We begin with a review of the literature on local government cyberattacks applying a sociotechnical theory lens. Drawing from that literature, we present our hypotheses on the relationships between social and technical factors and cyberthreats. Then, we describe the data and methods. Third, we present the results. We conclude with a discussion of the results and their implications for research and practice.

Literature Review and Hypotheses

E-government initiatives including e-services, social media, and open data efforts offer many benefits such as improving efficiency, public outreach, citizen engagement, transparency, and credibility of public organizations. Yet, there are social and technical challenges to effective ICT adoption and use, especially in the case of interactive social media and open data platforms. Social challenges include convincing leadership and employees to support the adoption of these platforms and initiatives, ensuring electronic tools are used responsibly for their intended purposes, and training staff to effectively monitor, thwart, and report cyber threats and breaches. Technical challenges include building the capacity to adopt, use, and monitor technology and to effectively prepare for and respond to cyberattacks. With each technology (e.g., social media platform, open data portal, internal collaboration tools), there are new opportunities, threats, and capacity demands.

Sociotechnical theory offers a useful lens for considering ICT adoption in public organizations because it recognizes the ever-changing and reinforcing roles of social structures, technological capacity, and technology characteristics in organizational technology use and adoption (Appelbaum, 1997; Leonardi, 2021). Technical aspects can be automated, while social practices such as perceptions, culture, and norms are varied and changing. Managing the social and technical aspects of ICT adoption is particularly challenging for medium and small city governments, which often lack the financial and technical capacity to effectively prepare for and respond to cyberthreats. For example, social media management is a complex task and poor adoption and use can harm work environments and expose organizations to threats (Feeney & Porumbescu, 2020; Mergel, 2014; Zavattaro & Sementelli, 2014). Social media platforms, owned and operated by third parties, introduce potential threats such as accidental private data disclosure, misinformation spread, and hacks. Similarly, open data initiatives—while promising to increase transparency and accountability—require maintaining confidential citizen information, securing original data integrity, and limiting opportunities for data misuse (Beno et al., 2017; Safarov et al., 2017).

Because of their widespread use and the potential to spread misinformation or accidently release personal data, social media platforms and open data portals present challenges for governments where accountability requirements are high (Bertot et al., 2012; Campbell et al., 2014; Fusi & Feeney, 2018; Picazo-Vela et al., 2012; Webber et al., 2012). Additionally, while governments seek to advance open data initiatives, there are challenges of how to produce, share, and protect high volumes of government and citizen data while advancing transparency and accountability goals (Ruijer et al., 2020).

Responding to privacy and security challenges when using technology in government requires advanced technological capacity (Grubmüller et al., 2013). Empirical evidence shows that privacy and security concerns increase when the government is directly involved with e-government tools (Grubmüller et al., 2013). Ensuring privacy and security means that the government protects information, data, and systems against disclosure of personal information and carefully controls access to information (Alshehri & Drew, 2011). Data breaches, ransom, and cyberattacks are costly to governments due to the financial costs, reputational damage, loss of trust, legal and compliance issues, and other negative consequences (Kim, 2017; Webber et al., 2012). Preparing for and addressing these cyberthreats requires technical capacity and managerial awareness of the benefits and threats that come with technology use in the workplace.

We focus on the social and technical factors related to unauthorized disclosures and disruptive cyberattacks. Manager perceptions of both types of cyberthreats are important to understand how technologies can support or hinder government activities (Ngai et al., 2015). Successful implementation of social media tools in government is largely determined by managers and their perceptions of the technology and cyberthreats (Fusi & Feeney, 2018; Karahanna & Straub, 1999). It is the role of the public managers to introduce the technology as well as monitor and understand the risks and possible threats (Picazo-Vela et al., 2012). Yet, many city government leaders undervalue ICT use and are unprepared to effectively respond to cyber incidents.

Social Factors: Managerial Perceptions and Cyber Incidents

Managerial use and perceptions of technology are important predictors of uptake and effective use of technology in the workplace. Technology use, adoption of new technologies, and successful integration of technology in the workplace rely on buy-in from leadership, implementers, and end users. Research indicates that managers play a key role in the success of new technology, as they influence organizations’ policies and practices and can provide a favorable climate by encouraging others to uptake the technology (Damanpour & Schneider, 2009; Fusi & Feeney, 2018; Jeyaraj et al., 2006; Kiron et al., 2012). Technology adoption brings new opportunities but also threats to organizations including concerns about increased workload, nervousness about operating tools, and threats of unknown consequences (Bertot et al., 2012; Fusi & Feeney, 2018). Research shows that effective technology implementation is mainly determined by managers and managerial capacity (Fusi & Feeney, 2018; Horst et al., 2007; Karahanna & Straub, 1999).

Governments are continually under pressure to adopt technologies to increase organizational efficiencies and improve stakeholder engagement. With the advancement of e-government and widespread use of e-services, technologies are improving service delivery, information access, stakeholder interaction, and open data initiatives. Research finds manager perceptions of technology, risk awareness, and cybersecurity are critical to prepare for and prevent cyberattacks in the public sector (Wirtz & Weyerer, 2017). Cybersecurity is not only a function of the IT department or team; employees are crucial to ensuring safe and secure practices on digital platforms and when using personal devices in the workplace (Kim, 2017). In this section, we outline the ways managerial perceptions of social media and open data are related to organizational cybersecurity and outcomes.

Social media technologies are interactive platforms that are typically owned and operated by third parties (e.g., Facebook, Instagram, YouTube). These platforms are somewhat malleable by users—both government agencies and the public (Bertot et al., 2012; Feeney & Welch, 2016). For example, governments use social media to post information, send emergency alerts, or track and identify individuals, while citizens can use them to gather information, request and access services, organize protests, or engage in subversive activities (like hacks or unauthorized data releases). The interactive nature of social media platforms offers governments new opportunities to share information and communicate with communities. Yet, with opportunities come challenges. Widely available interactive features and content, obscured user identities, third party ownership, and questions of data security make social media platforms especially challenging for local governments with low capacity (Feeney & Porumbescu, 2020; Mergel, 2015; Zavattaro & Sementelli, 2014). Social media platforms such as Facebook, Twitter, Instagram, and WhatsApp are third-party platforms that give private owners full knowledge and control over the algorithms, data collected, and activity oversight. While governments often use social media platforms, they do not own or control the platforms and content, limiting their ability to ensure privacy and reduce security risks. Additionally, it may be hard for users to know the difference between advertising, misinformation, and a government source of information on social media platforms (Magro, 2012; Mergel, 2013), thus increasing potential threats.

In addition to the threat of social media platforms being hacked, there is often false information spread through these platforms increasing risks of users disclosing personal information on third party platforms they mistakenly perceive to be government owned and operated (Benson et al., 2015; Kumar & Shah, 2018). These concerns tied to social media platforms are less relevant for other government operated e-government tools (e.g., bills payment) that are more clearly marked and easily associated with the government agency. Decentralizing communication and activities through these third-party platforms increase the risk of leaking protected information (Mergel, 2015). Research finds that the high risk of online network exposure is a key barrier to government social media use (Kavanaugh et al., 2012; Khan et al., 2014).

Given the many challenges facing local governments adopting and effectively using social media platforms and the key role social structures play in technology adoption and successful use, we expect that high levels of support and buy-in among government managers will be critical for the successful use of these initiatives resulting in fewer cyber incidents. Additionally, social trends suggest that individuals are more distrustful of these tools over time, heightening the privacy and security problems (Edmiston, 2003; Putnam, 2000). Based on the previous research, our first hypothesis is:

H1: Positive managerial views of social media will be negatively associated with cyber incidents.

Open data initiatives offer governments a platform for being more transparent and accountable by increasing access to public sector information and opportunities for citizens to follow and participate in the governance process (Virkar & Viale Pereira, 2018). Making government data accessible freely or at minimal cost, promises many benefits to governments including increased accountability and transparency, economic and social value, improved public service delivery and good governance, and increased citizen participation and trust (Safarov et al., 2017; Virkar & Viale Pereira, 2018).

Open government data requires making data available, freely accessible, and convenient and reusable (e.g., machine-readable). Open data initiatives require extensive resources and technical expertise. They offer the promise of increased accountability, transparency, public service, and citizen participation. There is extensive research on the barriers to open data initiatives. The most common barriers are social factors such as a lack of political support or clear regulatory and legal guidance, and lack of bureaucratic support because of the high costs, lack of data maintenance resources, concerns about low quality data, and potential privacy and security threats (Gonzalez-Zapata & Heeks, 2015; Janssen et al., 2012; Ruijer et al., 2020). Beno et al. (2017) note that many providers have concerns about misrepresentation of data, data exposure, loss of privacy, loss of control, data corruption and falsification, and other security threats. Organizations may fear that by providing access to data they are losing control over information and giving up some responsibility, while creating opportunities for others to manipulate and disclose information (Barry & Bannister, 2014; Ruijer et al., 2020).

Given the limited policy guidance and resources provided to governments building and using open data portals and the role social preferences play in their adoption, we expect that high levels of support and buy-in among government managers will be critical for the successful use of these initiatives resulting in fewer cyber incidents. We hypothesize:

H2: Positive managerial views of open data will be negatively associated with cyber incidents.

Technical Factors: Organizational Technology Use and Capacity

As compared to other types of ICTs, social media tools bring a distinct set of privacy and security challenges because the government has little influence over the technological features, operations, and other application characteristics (Feeney & Porumbescu, 2020; Mergel, 2013). Third parties design the tools for targeted purposes, which can change quickly and without notice or input from users and governments. Social media tools increase the risk of unintended consequences due to amplified attention to government operations and decisions (Mergel, 2013) and weak or opaque processes for protecting free speech and limiting harassment (Mondal et al., 2018). Social media platforms expand challenges of managing data ownership and protection; the sheer volume of data and the fast moving, dynamic nature of virtual environments challenge the traditional structural boundaries of government (Bertot et al., 2012; Feeney & Welch, 2016). Public managers face a high degree of uncertainty when using social media platforms, as privacy and security concerns increase management complexity (Fusi & Feeney, 2018).

Public administration researchers are increasingly interested in understanding the implications of social media use for government (Bertot et al., 2012; Fusi & Feeney, 2018; Magro, 2012; Mergel, 2013; Picazo-Vela et al., 2012). Research has focused on the types of social media (Feeney & Welch, 2012), the frequency of their use (Fusi & Feeney, 2018), their intended purposes and outcomes (Feeney & Welch, 2016), and the capacity required for governments to effectively use social media tools (Goldfinch, 2007; Oliveira & Welch, 2013).

The number and frequency of social media use is related to government outcomes. On the one hand, using many platforms can be an indicator of a government with high capacity for technology management. On the other hand, using multiple tools intensely can have negative outcomes including increased complexity, confusion, and perceived overload (Feeney & Welch, 2012). Extensive use of social media platforms increases the need for oversight and monitoring to prevent unintended disclosures, the misuse of data, and other privacy and security threats (Meijer & Torenvlied, 2016).

To prevent cybersecurity problems such as unauthorized disclosure of information, organizations synthesize and monitor digital platforms and information (Goldfinch, 2007; Layne & Lee, 2001). The more active the social media accounts, the more information that requires monitoring and oversight. Increased frequency of social media use can overwhelm a public organization’s monitoring and synthesizing capabilities, thus increasing the threat of cyber incidents. Based on this, our third hypothesis:

H3: Increased intensity of social media use will be positively related to cyber incidents.

Social media use in government is typically described as having three purposes: push, pull, and interact. These purposes range from the most basic, one-way uses of electronic platforms (e.g., posting information) to two-way communication and eventually full interaction with the citizenry (Zheng & Zheng, 2014). Push refers to using social media tools to disseminate information. For example, posting city council meetings and agendas to Facebook or voter registration information on Twitter. Disseminating information on social media platforms increases accessibility, outreach, and transparency (Zheng & Zheng, 2014) and presents few privacy and security threats. Pull refers to receiving input and pulling information from external stakeholders, for example, soliciting comments and input on planning and policies or feedback on service quality. Using social media to pull input has the advantage of more efficient information gathering and potentially tapping audiences not reached by more traditional media (e.g., younger community members, those unable to provide input in person). However, using the platforms for two-way communication can muddle decision-making processes, increasing the amount of time and effort the organization spends to sort information and limit potential security threats (Kavanaugh et al., 2012; Li & Feeney, 2014). The large volume of social data governments must shift through creates excessive noise, which can obscure useful information and increase the amount of time officials spend on any given issue (Kavanaugh et al., 2012).

Interaction refers to using social media to engage in back-and-forth communications with stakeholders, for example, facilitating participation. Increased interactions through social media can further citizen engagement, but also has risks including more complex challenges for local governments (Bertot et al., 2012; Haro-de-Rosario et al., 2018; Li & Feeney, 2014). Compared to push and pull, interaction requires government employees to manage, respond to, and actively work with stakeholders, which increases the overall complexity and can make the operations harder to monitor for any security breaches (Bertot et al., 2012; Feeney & Welch, 2012). Welch et al. (2005) find citizens are generally more demanding of interactive e-government services. If citizens have higher expectations and demands when tools are used for interaction purposes, managers will need more resources and expertise. Governments are using social media platforms differently for push, pull, and interaction purposes, and achieving different outcomes, managerial expectations, and potential threats and benefits (Feeney & Welch, 2016; Oliveira & Welch, 2013).

Social media platforms require varying amounts of resources in terms of personnel and time can carry different security and privacy threats. Pushing out information (e.g., disseminating information to the public) requires fewer resources and presents lower security threats as compared to facilitating stakeholder participation. We expect that social media used for different purposes—push, pull, and interaction—will be differently related to cyber incidents, thus we hypothesize:

H4: Cyber incidents will vary by social media purpose (push, pull, and interaction).

While e-government is often viewed as using digital tools to improve citizen experiences, digital tools also create efficiencies in the workplace, both within and across government agencies. Electronic tools help to increase collaboration, coordination, and information sharing resulting in improved efficiencies and performance (Moon, 2002). Research indicates that city governments are increasingly relying on collaboration tools (e.g., Google Docs), sharing platforms (e.g., DropBox, GoogleDrive), and coordination tools (e.g., shared calendars) and that adoption and use varies by department type and technology capacity (Feeney et al., 2020). While electronic collaboration tools improve work efficiency and communications, using third-party platforms, storing documents in the cloud, and sharing data creates more opportunities for cyberattacks. Growing reliance on technological systems increases vulnerabilities and risks (Wirtz & Weyerer, 2017) and research indicates that a substantial number of cybersecurity incidents are the result of internal failures (Yixin, 2011). Drawing from previous research, our fifth hypothesis is:

H5: Increased use of digital technology for internal work tasks will be positively related to cyber incidents.

Governments can provide access to public sector data through open data portals (e.g., data.gov) to provide public value and improve decision-making by increasing transparency and citizen involvement. Open access to public sector information allows citizens and other agencies to use data to improve their systems but can also lead to privacy and security violations (Virkar & Viale Pereira, 2018; Wang & Shepherd, 2020). Public sector data often contains personally identifiable information and other sensitive information that can be used and manipulated once it is in the public domain (Meijer et al., 2014; Safarov et al., 2017; Virkar & Viale Pereira, 2018). Research finds that during the first phase of data preparation for an open data portal, failing to eliminate all sensitive data can cause security breaches including unintended disclosures (Meijer et al., 2014; Safarov et al., 2017). In general, the data anonymizing process and determining which parts of the data can be released causes managers concerns about data privacy, confidentiality, and misuse (Safarov et al., 2017). Many stakeholders, including managers, perceive open data and the use of open data portals as potential causes of privacy breaches due to the lack of well-defined barriers between public and private information (Toots et al., 2017). Given the social and technical challenges with operating open data portals, we expect that having a data portal will be related to more cyberattacks in local governments and hypothesize that:

H6: Having an open data portal will be positively related to cyber incidents.

Technology capacity is an important organizational aspect that can facilitate or hinder effective government digitization. Technical capacity refers to the lack of tools, resources, and knowhow to operate technological solutions. A lack of resources can result in outdated, inappropriate, or no software, limited personnel training, and other infrastructure and technological limitations (Eynon & Margetts, 2007). Campbell et al. (2014) find that a lack of technical capacity and expertise causes serious barriers to the use of social media platforms for both public and nonprofit organizations. In their literature review of open data research, Beno et al. (2017) find that for some organizations, ensuring privacy and security takes effort and resources that many providers do not have or are unwilling to undertake.

Generally, monitoring digital activities, especially in complex social media environments, is a resource-intensive task (Campbell et al., 2014; Fusi & Feeney, 2018). Similarly, preparing data for sharing and public access requires additional resources to reduce data vulnerabilities (Beno et al., 2017; Janssen et al., 2012) and there can be challenges to monitoring and securing the output when department resources are insufficient (Beno et al., 2017; Toots et al., 2017). Thus, organizations with higher levels of technology capacity should be able to better ensure the protection of data and security of their social media and open data platforms resulting in fewer cyberattacks in local governments. We hypothesize:

H7: Technology capacity will be negatively related to cyber incidents.

Data and Method

We analyze data from a 2018 national survey with a sample frame of 2,500 public managers in 500 U.S. cities, city government websites, and the U.S. Census. The survey was conducted by the Center for Science, Technology and Environmental Policy Studies (CSTEPS) at Arizona State University. The survey was emailed to public managers in local governments with populations ranging between 25,000 and 250,000. The survey is an appropriate method for this study because we are interested in examining public managers’ perceptions of challenges to using social media. The nationally representative sample was drawn from the census of larger cities (populations between 100,000 and 250,000) and a random sample of smaller cities (populations between 25,000 and 99,999). Lead managers from five departments in each city were asked to participate in the study. After removing bad addresses, retired individuals, and open positions, the final sampling frame was reduced to 2,475 public managers. The online survey was administered using Sawtooth Software® from April 18, 2018, to August 7, 2018. A total of 621 managers responded to the survey, which includes partial responses, and 243 were uncontactable. We have a 24.4% response rate, adjusted for ineligible contacts. To test for nonresponse bias, we compared the demographic characteristics (gender, city size, department, and type of government) of the respondents and non-respondents. The results show that there are significant differences in response rates by city size and department. There are significantly more respondents from the Department of Community Development, Parks and Recreation and Police than from the Mayor's office and Finance department. We control for the department to correct for this bias and weighted the data by city population, based on the sampling procedure.

Dependent Variables

We use two dependent variables: perceived unauthorized disclosures and perceived disruptive cyberattacks. To capture cyber incidents, the survey asked respondents to indicate if during the last 12 months their organization had experienced seven types of cybersecurity incidents such as unintended or accidental electronic disclosure of organization information or ransom demand following a cybersecurity attack. Unauthorized disclosure is the average of the following items (Likert scale of agreement or disagreement) designed to capture unintended data disclosures: (a) unintended/accidental electronic disclosure, (b) unauthorized disclosure to media, (c) unauthorized disclosure to citizens/community groups, and (d) unauthorized disclosure to politicians/public officials. Unauthorized disclosure ranges from 0 to 1 with an average of 0.05 and the Cronbach's alpha is 0.80. The variable cyberattacks is the averaged scale of responses to the following three statements about cyberattacks: (a) ransom demand following a cybersecurity attack, (b) attempted security breach, and (c) disruption due to a cybersecurity attack. Cyberattacks range from 0 to 1 with an average of 0.15. The Cronbach’s alpha is 0.92. The two variables are designed to measure two concepts, and the resulting Cronbach’s alphas are sufficient for each measure.

Independent Variables

Social Factors

We include three measures from the survey that capture individual managerial views and comfort with social media and open data initiatives. Social Media views refers to the manager’s views on how social media platforms are used by the organizations. The variable Social Media Views is the averaged scale of responses to a survey item that asked respondents to indicate their level of agreement or disagreement with the following six statements: (a) social media tools enhance knowledge exchange in my organization, (b) social media tools improve my organization's work, (c) social media use tends to waste time (REVERSE), (d) using social media makes my organization more efficient, (e) the benefit of social media tools in the workplace is highly overrated (REVERSE), (f) social media tools increase the exchange of useful information in my organization. Social Media Views ranges from 0.57 to 4.14 with an average of 2.73. Cronbach's alpha is 0.83.

Comfort With Open Data captures the manager’s support for open data. The variable is the averaged scale of responses to an item that asked respondents to indicate how comfortable they are with the government publicly providing data about: (a) real estate transactions online, (b) criminal records of individual citizens online, (c) performance of individual teachers at local schools online, (d) police use-of-force online, (e) health and safety records of local restaurants online, and (f) employee salary and benefits online. Comfort with Open Data ranges from one to four, with an average of 2.95. Cronbach’s alpha is 0.75.

Benefits of Open Data captures the manager’s views on department and community gains from using open data sources. The variable is the averaged scale of responses to a survey item that asked respondents how much, if at all, does open data provided by the government help with: (a) creating new business products and services, (b) enabling nonprofits to serve the community, (c) facilitating citizen involvement in public affairs, (d) allowing journalists to cover government activities more thoroughly, (e) providing the public with greater ability to monitor government performance, and (f) making government officials more accountable to the public. The variable ranges from zero to four with an average of 2.8. Cronbach’s alpha is 0.89.

Technical Factors

We include nine variables to capture government agency technology use and capacity. Four variables capture organizational social media use. The first variable measures the intensity of social media use. The survey asked respondents to rate how often people in the organization use Twitter, Facebook, YouTube, LinkedIn, and Instagram for work purposes (Respondents that did not indicate using social media tools in their organization were coded as zero). Response categories included (1) daily or almost daily, (2) several times a week, (3) about once per week, (4) about once every two weeks, (5) about monthly, and (6) less often or never. Frequency responses were averaged across the five platforms for each respondent to create the variable, Social Media Intensity. Respondents report using social media accounts for work purposes on average between several times a week and only once per week (Mean = 2.71, SD = 1.63).

We also measure how organizations use social media with a survey item that asks: for what purpose does your organization use the types of tools you named? Response categories included for information dissemination, to receive input on planning and policies or feedback on service quality, and to facilitate citizen participation. These three purposes represent push, pull, and interaction uses of social media. Push refers to pushing out information and posting it online. Pull is soliciting input, feedback, and public opinion. Interaction is the full interactive use of social media to engage the public. The three variables are coded 1 if the organization uses social media tools for each purpose, 0 if not.

We capture technology use at the organization with three measures of electronic tools and one index for overall capacity from the survey. Document collaboration tools indicate if the department uses collaboration tools such as Google Docs and Wikis. On average, 51% of the departments use document collaboration tools for work purposes (SD = 0.50). Work coordination tools indicate if the department uses programs such as Google Calendar, MS Project, and Slack to coordinate schedules and projects. Approximately 58% of the organizations use work coordinating tools (SD = 0.49). File sharing tools indicate if the department uses programs that enable sharing files, such as Dropbox, Google Drive, and Box.com. File sharing tools are the most reported, with 76% of the departments using file sharing tools for work purposes (SD = 0.43). Open data portal measures whether the department has an open data portal ( = 1, 0 otherwise) in 2018 and was from city government websites; 37% of departments had an open data portal (SD = 0.48).

Technical capacity measures the department’s capacity to use technology in terms of time, training, and software. The variable is the reverse averaged scale of the level of agreement with the following survey statements: (a) my agency is ill-equipped to manage important questions about online security and privacy, (b) management lacks software applications that would make work more efficient, (c) my agency is too busy to effectively monitor, control, and use the data we collect, and (d) there is a mismatch between our department’s needs and what technology can provide. Technology Capacity ranges from 1 to 4.75 with an average of 2.62. Cronbach’s alpha is 0.80.

Control Variables

We include control variables at the individual, department, and city level. At the individual level, we use survey data to control for personal social media use and age. We control for the department size, culture, and type, all measures from the survey. At the city level, we control for the natural log of city population and form of government using data from the U.S. Census and city websites. Table 1 shows the descriptive statistics for all variables in the models and Table 2 reports the correlations.

Table 1.

Descriptive Statistics for Study Variables.

Variable	n	Mean	SD	Min	Max
Dependent variables
Unauthorized disclosures	616	.05	.16	0	1
Unintended/accidental electronic disclosure	616	.07	.26	0	1
Unauthorized disclosure to media	614	.05	.23	0	1
Unauthorized disclosure to citizens/community groups	611	.04	.19	0	1
Unauthorized disclosure to politicians/public officials	616	.05	.21	0	1
Disruptive cyberattacks	616	.15	.24	0	1
Attempted security breach	616	.32	.47	0	1
Ransom demand following a cybersecurity attack	615	.05	.21	0	1
Disruption due to a cybersecurity attack	616	.09	.29	0	1
Independent variables
Social factors
Social media views	594	2.73	.72	.57	4.14
Social media tools enhance knowledge exchange	593	3.68	.99	1	5
Social media tools improve my organization’s work	594	3.50	1.02	1	5
Social media use tends to waste time	570	3.19	1.00	1	5
Using social media makes my organization more efficient	588	2.64	.99	1	5
The benefit of social media tools is highly overrated	574	4.47	1.14	1	5
Social media tools increase the exchange of information	594	3.64	.98	1	5
Comfort with open data	606	2.95	.62	1	4
Real estate transactions online	602	3.25	.87	1	4
Criminal records of individual citizens online	596	2.49	1.08	1	4
Performance of individual teachers at local schools online	590	2.43	1.00	1	4
Police use-of-force online	597	2.82	.95	1	4
Health and safety records of local restaurants online	598	3.54	.69	1	4
Employee salary and benefits online	606	3.12	.91	1	4
Benefits of open data	599	2.08	.90	0	4
Creating new business products and services	597	2.10	1.32	0	4
Enabling nonprofits to serve the community	597	2.39	1.27	0	4
Facilitating citizen involvement in public affairs	598	3.00	1.04	0	4
Allowing journalists to cover government activities	599	2.97	1.09	0	4
Providing greater ability to monitor government performance	598	3.15	.96	0	4
Making government officials more accountable to the public	599	3.15	.94	0	4
Technical factors
Social media intensity	621	2.71	1.63	0	6
Social media–push	621	.85	.36	0	1
Social media–pull	621	.60	.49	0	1
Social media–interaction	561	.70	.46	0	1
Document collaboration tools	593	2.96	.99	1	5
Work coordination tools	621	.58	.49	0	1
File sharing tools	621	.76	.43	0	1
Open data portal	601	.37	.48	0	1
Organizational technical capacity	615	2.62	.87	1	4.75
Ill-equipped to manage questions	615	2.20	.99	1	5
Lacks software applications	614	2.75	1.14	1	5
Mismatch between needs and technology	614	2.75	1.14	1	5
Too busy to effectively monitor	615	2.78	1.11	1	5
Control variables
Individual level control variables
Personal social media use	621	1.50	1.34	0	5
Age	566	53.97	8.23	31	74
Department level control variables
Department size (FTE)	587	3.70	1.55	0	8.52
Organizational centralization	594	2.45	.63	1	5
Even small matters have to be referred to someone higher up	582	2.10	.84	1	5
Make her or his own decisions would be quickly discouraged	588	2.15	.85	1	5
There can be little action taken here until a supervisor approves	593	2.45	.87	1	5
Top management exerts strong control over this organization	592	2.57	.91	1	5
Organizational innovativeness	595	3.32	.76	1	5
Employees are rewarded for developing innovative solutions	592	3.60	.98	1	5
People who develop innovative solutions are rewarded	591	3.49	.96	1	5
People are willing to stick their necks out and take risks	590	3.07	.95	1	5
Most employees in this organization are not afraid to take risks	593	3.11	.95	1	5
Mayor’s office	621	.16	.37	0	1
Police	621	.20	.40	0	1
Community development	621	.24	.43	0	1
Finance	621	.19	.40	0	1
Parks and recreation	621	.20	.40	0	1
City level control variables
City population (natural log)	621	11.30	.69	10.01	12.56
Mayor-council	621	.25	.43	0	1

Table 2.

Matrix of Correlations.

Variables	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26
(1) Disclosure	1.0
(2) Security	0.6	1.0
(3) Social media views	−0.1	−0.1	1.0
(4) Comfort with open data	0.0	0.0	0.1	1.0
(5) Benefits of open data	−0.1	−0.1	0.2	0.2	1.0
(6) Social media intensity	0.0	−0.1	0.3	0.0	0.0	1.0
(7) SM–push	0.0	−0.1	0.2	0.0	0.0	0.4	1.0
(8) SM–pull	0.0	0.0	0.1	0.0	0.0	0.2	−0.2	1.0
(9) SM–interaction	0.0	0.0	0.3	0.0	0.0	0.4	0.4	0.3	1.0
(10) Technical capacity	0.2	0.2	−0.1	0.0	0.0	−0.1	−0.1	0.0	0.0	1.0
(11) Document collaboration tools	0.0	0.0	0.1	0.0	0.1	0.2	0.1	0.1	0.2	0.0	1.0
(12) Work coordination tools	0.1	0.0	0.1	0.0	0.0	0.1	0.1	0.1	0.1	0.0	0.4	1.0
(13) File sharing tools	0.0	0.0	0.1	0.0	0.1	0.2	0.2	0.1	0.2	0	0.3	0.2	1.0
(14) Open data portal	0.0	0.0	0.0	0.0	−0.1	0.0	0.0	0.0	−0.1	0.0	0.0	0.0	0.0	1.0
(15) Personal SM use	0.1	0.0	0.1	0.0	0.0	0.1	0.1	0	0.1	0.0	0.0	0.0	0.1	−0.1	1.0
(16) Age	0.0	0.0	0.0	0.0	0.1	0.0	0.1	0	0.1	0	0.1	0.0	0.1	0.0	0.0	1.0
(17) Department size	0.0	0.0	0.0	0.0	0.0	0.0	0.0	0.0	0.1	0	0.1	0.0	0.0	0.0	0.0	0.6	1.0
(18) Centralization	0.2	0.1	−0.1	0.0	−0.1	−0.1	0.0	0.0	−0.1	0.2	−0.1	0.0	−0.1	0.1	0.0	0.1	0.0	1.0
(19) Innovation	−0.2	−0.2	0.2	0.0	0.2	0.2	0.0	0.1	0.1	−0.3	0.1	0.1	0.2	−0.1	0.0	−0.1	0.0	−0.6	1.0
(20) Mayor’s office	−0.1	−0.1	0.0	0.0	0.0	0.2	0.1	0.0	0.0	0.0	0.1	0	0.1	0.0	0.0	0.0	0.0	0.0	0.1	1.0
(21) Police	0.0	0.0	0.1	0.1	−0.1	0.1	0.1	0.0	0.1	0.0	0.0	0.1	−0.1	0.0	0.0	−0.1	0.0	0.0	0.0	−0.2	1.0
(22) Community development	0.1	0.1	−0.1	0.0	0.0	−0.2	−0.1	0.0	−0.1	0.1	−0.1	0.0	0.1	0.0	0.0	0.1	0.1	0.0	−0.1	−0.2	−0.3	1.0
(23) Finance	0.0	0.0	−0.2	0.0	0.0	−0.2	−0.2	0.0	−0.2	0.0	−0.1	−0.1	−0.1	0.0	0.0	0.0	0.0	0.0	0.0	−0.2	−0.3	−0.3	1.0
(24) Parks & recreation	0.0	0.0	0.1	0.0	0.1	0.1	0.1	0.0	0.2	0.0	0.1	0.1	0.0	0.1	0.1	0.0	0.0	0.0	0.1	−0.2	−0.3	−0.3	−0.2	1.0
(25) City population	0.1	0.0	0.1	0.1	0.1	0.3	0.1	0.1	0.1	0.0	0.2	0.1	0.1	0.1	0.0	0.0	0.0	0.0	0.1	0.0	0.0	0.0	0.1	0.0	1.0
(26) Mayor council	0.0	0.1	0.0	0.1	0.0	−0.2	−0.1	0.0	−0.1	0	−0.1	0.0	−0.1	0.0	0.0	−0.1	−0.1	0.1	−0.2	0.0	0.0	0.0	0.0	0.0	−0.1	1.0

Methodology

Correct model identification is key to accurately analyzing a complicated phenomenon. There are three requirements to ascertain an appropriate structural equation model (SEM) (Kline, 2010). First, the degrees of freedom of the model should be greater than zero. Second, the latent variables must have a scale and the variance of one latent variable should be fixed to one. Third, all latent variables should have a minimum of two indicators. Our specified model meets all three criteria resulting in more robust results. We performed SEM on correlation matrices using Mplus with a sample of 547 public managers. We present three progressing models: the first model contains only the social factors; the second model contains only the technical factors; and the final model has the social and technical factors and control variables. The models contain both measurement and structural components. The measurement component looks at how well the exogenous variables measure the latent variable constructs while the structural component models the relationships of the latent variables (Mainul Islam & Faniran, 2005). The final model integrates the latent constructs with their corresponding measures into the structural equation model (SEM) based on the exploratory factor analysis and theoretical expectations.

We tested the overall fit of the hypothesized model. The comparative fit index (CFI = 0.73) and the Tucker-Lewis Index (TLI = 0.709) are incremental fit indices that are close but lower than the recommended value of 0.90. The root-mean-square error of approximation (RMSEA = 0.030) shows evidence of good model fit because the result is lower than 0.05. Even though the Chi-square statistic (p-value = .00) shows a significant difference between a perfect model and the hypothesized model, the results of the other fit indices indicate that the hypothesized model fits the data relatively well.

Results

We present the results for each hypothesis, discussing the relationships between the predictors and the two cyber incident dependent variables: unauthorized disclosures and disruptive cyberattacks. The results for the three models are shown in Table 3. Our discussion of the results focuses on the final models containing the social factors, technical factors, and control variables.

Table 3.

Results of the Structural Equation Models (SEM) Predicting Cyber Incidents.

	Model 1: Unauthorized disclosures			Model 2: Cyberattacks
	Social only	Technical only	Full model	Social only	Technical only	Full model
Social factors
Social media views	−0.04		−0.11**	0.07		0.13*
	(0.07)		(0.05)	(0.06)		(0.07)
Comfort with open data	−0.10		−0.19**	0.01		−0.02
	(0.10)		(0.08)	(0.08)		(0.07)
Benefits of open data	0.14		0.13**	0.08		0.08
	(0.10)		(0.07)	(0.08)		(0.07)
Technical factors
Social media intensity		0.02	−0.04		0.07	0.06
		(0.06)	(0.10)		(0.05)	(0.06)
SM–push		0.64***	0.83***		−0.34	−0.27
		(0.21)	(0.21)		(0.23)	(0.22)
SM–pull		0.34	0.47		0.00	0.03
		(0.23)	(0.31)		(0.13)	(0.16)
SM–interaction		0.06	−0.01		−0.05	−0.01
		(0.24)	(0.38)		(0.16)	(0.20)
Document collaboration tools		0.38	0.33		−0.03	−0.06
		(0.24)	(0.32)		(0.16)	(0.18)
Work coordination tools		0.07	0.13		0.44***	0.6
		(0.21)	(0.28)		(0.15)	(0.18)
File sharing tools		0.32	0.58*		0.11	0.10***
		(0.26)	(0.35)		(0.20)	(0.23)
Open data portal		0.22	0.17		0.06	0.05
		(0.26)	(0.3)		(0.14)	(0.18)
Technical capacity		−0.15**	−0.15***		−0.11**	−0.17***
		(0.07)	(0.06)		(0.05)	(0.07)
Controls
Personal social media use			0.05			−0.13**
			(0.08)			0.06
Age			−0.01			−0.02*
			(0.01)			(0.01)
Department size			0.08			0.04
			(0.13)			(0.06)
Centralization			0.13			−0.16*
			(0.11)			(0.10)
Innovativeness			0.03			−0.09
			(0.1)			(0.11)
Police			−0.17			−0.63**
			(0.56)			(0.27)
Community development			−0.66*			−0.50**
			(0.44)			(0.24)
Finance			−0.07			0.11
			(0.44)			(0.27)
Parks and recreation			−0.45			−0.34
			(0.46)			(0.25)
City population			−0.12			−0.05
			(0.22)			(0.15)
Mayor council			0.09			−0.47**
			(0.29)			(0.23)

For each dependent variable we report three models. From left to right, the columns show social factors only, technical factors only, and full model with controls. The standard errors are in the parentheses.

Reference category for department type: Mayor’s office.

*** p < .01, ** p < .05, * p < .10.

We find partial support for Hypothesis 1. Positive managerial views of social media are negatively associated with unauthorized disclosures (β = −0.11, p-value = .040). In contrast, positive views of social media are positively associated with cyberattacks (β = 0.13, p-value = .098), which is opposite of our expectations.

We find mixed results for Hypothesis 2, which expected positive managerial views of open data would be negatively associated with cyber incidents. Public managers’ comfort with open data is negatively associated with reports of unauthorized disclosures (β = −0.19, p-value = .017), but positive views on the benefits of open data are positively associated with reports of unauthorized disclosures (β = 0.13, p-value = .015). Managerial views of open data are not significantly related to cyberattacks.

We do not find support for Hypothesis 3, the intensity of social media use in the organization is not related to cyber incidents. There is limited support for Hypothesis 4, which expected cyber incidents would vary by social media purpose (push, pull, and interaction). The use of social media for push purposes is positively related to unauthorized disclosures (β = 0.83, p-value = .003). The other measures are not significant.

We find limited support for Hypothesis 5. The use of file sharing tools is positively associated with unauthorized disclosures (β = 0.58, p-value = .098) and cyberattacks (β = 0.10, p-value = .002), but coordination and collaboration tools are not significantly related to cyber incidents. We do not find support for Hypothesis 6, which we expected a positive relationship between having an open data portal and cyber incidents. We find support for Hypothesis 7. Technology capacity is negatively related to unauthorized disclosures (β = −0.15, p-value = .002) and cyberattacks (β = −0.17, p-value = .004). All significant results from the hypotheses are shown in Figure 1.

Figure 1.

Significant results for model predicting cyber incidents.

Five of the control variables are significantly and negatively related to cyberattacks: managers’ personal social media use, age, having an organizational culture of centralization, department type, and form of government.

Before discussing the implications for theory, research, and practice, it is important to note the limitations to this study. Our models use self-reported survey data, which is limited to respondent recall. Due to the cross-sectional structure of the data, we cannot make causal claims about the relationships. Additionally, these data are particularly vulnerable to endogeneity, which is when an explanatory variable correlates with the error term and not accounting for it can bias the estimates (Sande & Ghosh, 2018). However, theory indicates that the relationships are in the direction we have placed them in the model and the empirical results support the theory. We combat the threats of common source bias by including measures that are not reported by survey respondents (e.g., measures drawn from city websites, and the U.S. Census), but this can still be an issue as the dependent and independent variables are measured using the same survey.

Omitted variable bias remains a concern. Other possible important independent variables that we were not able to include in the models include IT specific budgets for each department and objective data about cyberattacks. Research shows IT budgets impact e-government innovation and barriers. Unfortunately, IT specific budget data is not readily available in the financial reports across city departments. Additionally, there is no public data on the frequency of cyberattacks in city governments. Finally, the findings are only generalizable to small and medium sizes U.S. city governments.

Discussion

Sociotechnical theory leads us to expect that technology management and use is a function of social structures in the organization and technical aspects. We capture social factors related to reported cyber incidents with measures of managerial views and perceptions of technology adoption and use. This is consistent with our expectation from the literature that manager buy-in and know-how reduces negative technology outcomes (Wirtz & Weyerer, 2017). Managerial views of social media and comfort with open data are negatively related to reporting unauthorized disclosures. Positive managerial views of social media and the benefits of open data are positively related to reporting cyber incidents. Additionally, an organizational culture of centralization is a social factor negatively related to cyberattacks. Centralized organizations may be better prepared to prevent and respond to cyber incidents, which confirm the findings of past research (Feeney & Welch, 2016; Fusi & Feeney, 2018). The mixed results in the relationships between managerial perceptions of social media and open data, organization culture, and cyber incidents illustrate the complex relationships between organizational social systems and technology security.

Organizational technology use related to intensity and type of social media use and having an open data portal are not significantly related to reporting cyber incidents. Most of the measures of technology use for internal work purposes are also unrelated to reporting cyber incidents. The use of file sharing applications in the organization is significantly related to both unauthorized disclosures and cyberattacks, which is consistent with the past research (Wirtz & Weyerer, 2017; Yixin, 2011) that high reliance on technological tools can lead to more vulnerabilities, risks, and cybersecurity incidents for the department. Aligning with sociotechnical theory, we find that some technologies have characteristics that make them easier to use for their intended purposes and thus reduce likelihood of cyber incidents. In contrast, other platforms, for example, file sharing applications, have more complex technical features that require active user interaction and know-how, thus increasing social practices that produce more varied and unpredictable outcomes (Appelbaum, 1997; Leonardi, 2021) and in turn increasing vulnerabilities and risks (Wirtz & Weyerer, 2017). The control variable measuring respondent personal use of social media is another example of social practices shaping technical aspects and outcomes (Feeney & Welch, 2016); technical uptake and success is shaped by the respondent's behavior and attitudes towards social media including know-how, which reduces learning costs, workload, and unpredicted or varied outcomes when ICT platforms are used in the workplace (Picazo-Vela et al., 2012).

The findings lend support to the growing evidence that department technical capacity is a key predictor of e-government challenges and success. Effectively and securely using ICTs requires active work and attention as discussed by Bertot et al. (2012), but city departments have finite resources. Technical capacity is critical to reducing cyber incidents especially in the case of the insertion of malware and other attack agents, the department’s capacity in terms of resources, time, and knowledge are critical. Departments that report higher technical capacity report fewer unintended disclosures of data and cyberattacks. These findings align with much of the literature that finds technical capacity and experience using technology in the workplace are key predictors of e-government adoption, use, and success (Campbell et al., 2014; Feeney & Welch, 2016; Fusi & Feeney, 2018).

Conclusions

This paper has assessed the relationships between social and technical factors in city government and two types of cyber incidents: unauthorized disclosures and disruptive cyberattacks. The theoretical and practical implications of the study are important as they contribute to sociotechnical theory by expanding our understanding of how social structures in organizations and technical aspects are related to cyberthreats. The results indicate that cyber incidents in local government are weakly related to managerial support for social media use and open data initiatives and strongly related to organizational technical capacity. These findings show the critical importance of organizational technical capacity and the mixed results for managerial perceptions indicate that manager buy-in and behavior shape and are shaped by technical aspects and cyberthreats in government.

Practical implications from these findings include increased training for managers, understanding the core security and privacy threats associated with social media, open data initiatives, and technology use at work and better preparing digital infrastructure and managerial skill sets to ensure ease of use while maintaining security. These results indicate that investment in resources and technical capacity are important for reducing unintended information disclosures and disruptive cyberattacks. This research shows that social factors such as managerial perceptions and frequency of use may not be as important as the technical capacity of the organization. Future research would benefit from diving deeper into the relationship between technical capacity and cyber incidents and the factors not included in this research that might explain the frequency of digital security breaches in local government.

Footnotes

Declaration of Conflicting Interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The authors received no financial support for the research, authorship, and/or publication of this article.

ORCID iD

Ashlee Frandell

Author Biographies

Ashlee Frandell is a doctoral candidate at Arizona State University. Her research interests are on technology use and equity in the public sector, which includes public-private partnerships, STEM workforce mobility and communication and the inclusion of disadvantaged groups.

Mary Feeney is professor and Lincoln Professor of Ethics in Public Affairs at Arizona State University. Her research focuses on public and nonprofit management and science and technology policy. She is a Fellow of the National Academy of Public Administration.

References

Accenture (2016). High performance security Report 2016: Confidence + Capability: “Rebooting” Public Sector Cybersecurity.

Alshehri

Drew

(2011). E-government principles: Implementation, advantages and challenges. IJEB, 9(3), 255–270. https://doi.org/10.1504/IJEB.2011.042545

Appelbaum

S. H.

(1997). Socio-technical systems theory: An intervention strategy for organizational development. Management decision, 35(6), 452–463. https://doi.org/10.1108/00251749710173823

Barry

Bannister

(2014). Barriers to open data release: A view from the top. Information Polity, 19(1--2), 129–152. https://doi.org/10.3233/IP-140327

Beno

Figl

Umbrich

Polleres

(2017). Open data hopes and fears: Determining the barriers of open data. In 2017 Conference for e-democracy and open government (CeDEM) (pp. 69–81). IEEE.

Benson

Saridakis

Tennakoon

(2015). Information disclosure of social media users: Does control over personal information, user awareness and security notices matter? Information Technology & People, 8(3):426–441. https://doi.org/10.1108/ITP-10-2014-0232

Bertot

J. C.

Jaeger

P. T.

Grimes

J. M.

(2012). Promoting transparency and accountability through ICTs, social media, and collaborative e-government. Transforming Government: People, Process and Policy.

Campbell

D. A.

Lambright

K. T.

Wells

C. J.

(2014). Looking for friends, fans, and followers? Social media use in public and nonprofit human services. Public Administration Review, 74(5), 655–663.

Damanpour

Schneider

(2009). Characteristics of innovation and innovation adoption in public organizations: Assessing the role of managers. Journal of Public Administration Research and Theory, 19(3), 495–522. https://doi.org/10.1093/jopart/mun021

10.

Edmiston

K. D.

(2003). State and local e-government: Prospects and challenges. The American Review of Public Administration, 33(1), 20–45. https://doi.org/10.1177/0275074002250255

11.

Eynon

Margetts

(2007). Organisational solutions for overcoming barriers to eGovernment. European Journal of ePractice, 1.

12.

Feeney

M. K.

Fusi

Camarena

Zhang

(2020). Towards more digital cities? Change in technology use and perceptions across small and medium-sized US cities. Local Government Studies, 46, 820–845.

13.

Feeney

M. K.

Porumbescu

(2020). The limits of social media for public administration research and practice. Public Administration Review, 81(4):787–792. https://doi.org/10.1111/puar.13276

14.

Feeney

M. K.

Welch

(2012). Electronic participation technologies and perceived outcomes for local government managers. Public Management Review, 14(6), 1–19. https://doi.org/10.1080/14719037.2011.642628

15.

Feeney

M. K.

Welch

E. W.

(2016). Technology-task coupling: Exploring social media use and managerial perceptions of e-government. The American Review of Public Administration, 46(2), 162–179.

16.

Fusi

Feeney

M. K.

(2018). Social Media in the workplace: Information exchange, productivity, or waste? The American Review of Public Administration, 48(5), 395–412. https://doi.org/10.1177/0275074016675722

17.

Goldfinch

(2007). Pessimism, computer failure, and information systems development in the public sector. Public Administration Review, 67(5), 917–929. https://doi.org/10.1111/j.1540-6210.2007.00778.x

18.

Gonzalez-Zapata

Heeks

(2015). The multiple meanings of open government data: Understanding different stakeholders and their perspectives. Government Information Quarterly, 32(4), 441–452. https://doi.org/10.1016/j.giq.2015.09.001

19.

Grubmüller

Götsch

Krieger

(2013). Social media analytics for future oriented policy making. Eur J Futures Res, 1(1), 20. https://doi.org/10.1007/s40309-013-0020-7

20.

Haro-de-Rosario

Sáez-Martín

del Carmen Caba-Pérez

(2018). Using social media to enhance citizen engagement with local government: Twitter or Facebook? New Media & Society, 20(1), 29–49. https://doi.org/10.1177/1461444816645652

21.

Horst

Kuttschreuter

Gutteling

J. M.

(2007). Perceived usefulness, personal experiences, risk perception and trust as determinants of adoption of e-government services in The Netherlands. Computers in Human Behavior, 23(4), 1838–1852.

22.

Janssen

Charalabidis

Zuiderwijk

(2012). Benefits, adoption barriers and myths of open data and open government. Information Systems Management, 29(4), 258–268. https://doi.org/10.1080/10580530.2012.716740

23.

Jeyaraj

Rottman

J. W.

Lacity

M. C.

(2006). A review of the predictors, linkages, and biases in IT innovation adoption research. Journal of Information Technology, 21(1), 1–23.

24.

Karahanna

Straub

D. W.

(1999). The psychological origins of perceived usefulness and ease-of-use. Information & Management, 35(4), 237–250. https://doi.org/10.1016/S0378-7206(98)00096-2

25.

Kavanaugh

A. L.

Fox

E. A.

Sheetz

S. D.

Yang

L. T.

Shoemaker

D. J.

Natsev

Xie

(2012). Social media use by government: From the routine to the critical. Government Information Quarterly, 29(4), 480–491. https://doi.org/10.1016/j.giq.2012.06.002

26.

Khan

G. F.

Swar

Lee

S. K.

(2014). Social media risks and benefits a public sector perspective. Social Science Computer Review, 32(5), 606–627. https://doi.org/10.1177/0894439314524701

27.

Kim

J. H

. (2017). Social media use and well-being. In Subjective well-being and life satisfaction (pp. 253–271). Routledge.

28.

Kiron

Palmer

Phillips

A. N.

Kruschwitz

(2012). Social business: what are companies really doing. MIT Sloan Management Review, 53(4), 1.

29.

Kline

R. B.

(2010). Principles and practice of structural equation modeling. GuilfordPress.

30.

Kumar

Shah

(2018). False information on web and social media: A survey. arXiv preprint arXiv:1804.08559.

31.

Layne

Lee

(2001). Developing fully functional e-government: A four stage model. Government Information Quarterly, 18(2), 12–136. https://doi.org/10.1016/S0740-624X(01)00066-1

32.

Leonardi

P. M.

(2012). Materiality, sociomateriality, and socio-technical systems: What do these terms mean? How are they different? Do we need them. Materiality and Organizing: Social Interaction in a Technological World, 25(10), 10–1093. https://ssrn.com/abstract=2129878.

33.

Leonardi

P. M.

(2021). COVID-19 and the new technologies of organizing: Digital exhaust, digital footprints, and artificial intelligence in the wake of remote work. Journal of Management Studies, 58(1), 249.

34.

M.-H.

Feeney

M. K.

(2014). Adoption of electronic technologies in local U.S. governments: Distinguishing between e-services and communication technologies. The American Review of Public Administration, 44(1), 75–79. https://doi.org/10.1177/0275074012460910

35.

Magro

(2012). A review of social media use in e-government. Administrative Sciences, 2(2), 148–161. https://doi.org/10.3390/admsci2020148

36.

Mainul Islam

M. D.

Faniran

O. O.

(2005). Structural equation model of project planning effectiveness. Construction Management and Economics, 23(2), 215–223. https://doi.org/10.1080/0144619042000301384

37.

Meijer

(2015). E-governance innovation: Barriers and strategies. Government Information Quarterly, 32(2):198–206. https://doi.org/10.1016/j.giq.2015.01.001

38.

Meijer

A. J.

Torenvlied

(2016). Social media and the new organization of government communications an empirical analysis of twitter usage by the Dutch police. The American Review of Public Administration, 46(2), 143–161. https://doi.org/10.1177/0275074014551381

39.

Meijer

Conradie

Choenni

(2014). Reconciling contradictions of open data regarding transparency, privacy, security and trust. Journal of Theoretical and Applied Electronic Commerce Research, 9(3), 32–44. https://doi.org/10.4067/S0718-18762014000300004

40.

Mergel

(2013). Social media adoption and resulting tactics in the U.S. Federal government. Government Information Quarterly, 30(2), 123–130. https://doi.org/10.1016/j.giq.2012.12.004

41.

Mergel

. (2014). Social media adoption: Toward a representative, responsive or interactive government?. Proceedings of the 15th Annual International Conference on Digital Government Research (pp. 163–170).

42.

Mergel

(2015). Designing social media strategies and policiesHandbook of public administration (3rd edition), pp. 456–468.

43.

Mondal

Silva

L. A.

Correa

Benevenuto

(2018). Characterizing usage of explicit hate expressions in social media. New Review of Hypermedia and Multimedia, 24(2), 110–130.

44.

Moon

M. J.

(2002). The evolution of e-government among municipalities: Rhetoric or reality? Public Administration Review, 62(4), 424–433. https://doi.org/10.1111/0033-3352.00196

45.

Muggah

Goodman

. (2019). Cities are easy prey for cybercriminals: Here’s how they can fight back, Agenda, 30 September.

46.

Ngai

E. W. T.

Tao

S. S. C.

Moon

K. K. L.

(2015). Social media research: Theories, constructs, and conceptual frameworks. International Journal of Information Management, 35(1), 33–44. https://doi.org/10.1016/j.ijinfomgt.2014.09.004

47.

Oliveira

G. H. M.

Welch

E. W.

(2013). Social media use in local government: Linkage of technology, task, and organizational context. Government Information Quarterly, 30(4), 397–405.

48.

Orlikowski

W. J.

(2000). Using technology and constituting structures: A practice lens for studying technology in organizations. Organization Science, 11(4), 404–428. https://doi.org/10.1287/orsc.11.4.404.14600

49.

Picazo-Vela

Gutiérrez-Martínez

Luna-Reyes

L. F.

(2012). Understanding risks, benefits, and strategic alternatives of social media applications in the public sector. Government Information Quarterly, 29(4), 504–511.

50.

Putnam

R. D.

(2000). Bowling alone: The collapse and revival of American community. Simon & Schuster.

51.

Rice

A. K.

(1953). Productivity and social organization in an Indian weaving shed: An examination of some aspects of the socio-technical system of an experimental automatic loom shed. Human Relations, 6(4), 297–329. https://doi.org/10.1177/001872675300600402

52.

Ruijer

Détienne

Baker

Groff

Meijer

A. J.

(2020). The politics of open government data: Understanding organizational responses to pressure for more transparency. The American Review of Public Administration, 50(3), 260–274. https://doi.org/10.1177/0275074019888065

53.

Safarov

Meijer

Grimmelikhuijsen

(2017). Utilization of open government data: A systematic literature review of types, conditions, effects and users. Information Polity, 22(1), 1–24. https://doi.org/10.3233/IP-160012

54.

Sande

J. B.

Ghosh

M. G.

(2018). Endogeneity in survey research. International Journal of Research in Marketing 35(2):185–204. https://doi.org/10.1016/j.ijresmar.2018.01.005

55.

Simmons

Ellis

Shiva

Dasgupta

(2014) AVOIDIT: A cyber attack taxonomy, University of Memphis, Technical Report CS-09-003.

56.

Tong

Perlroth

(2021). “2021 In Cybersecurity: Big Year for Hackers, but the Good Guys Scored Some Wins.” Here and Now.

57.

Toots

Mcbride

Kalvet

Krimmer

(2017). Open data as enabler of public service co-creation: Exploring the drivers and barriers. In 2017 Conference for E-Democracy and Open Government (CeDEM) (pp. 102–112). IEEE.

58.

Trist

E. L.

Bamforth

K. W.

(1951). Defenses of a work group in relation to the social structure and of coal-getting: An examination of the psychological situation and some social and psychological consequences of the longwall method technological content of the work system. Human Relations, 4(3), 3–38. https://doi.org/10.1177/001872675100400101

59.

Virkar

Viale Pereira

. (2018). Exploring open data state-of-the-art: a review of the social, economic and political impacts. In International Conference on Electronic Government (pp. 196–207). Cham: Springer.

60.

Wang

Shepherd

(2020). Exploring the extent of openness of open government data–A critique of open government datasets in the UK. Government Information Quarterly, 37(1), 101405. https://doi.org/10.1016/j.giq.2019.101405

61.

Webber

Szymanski

(2012). Guarding the social gates: The imperative for social media risk management. The Altimeter Group.

62.

Welch

E. W.

Hinnant

C. C.

Moon

M. J.

(2005). Linking citizen satisfaction with e-government and trust in government. Journal of Public Administration Research & Theory, 15(3), 371–391. https://doi.org/10.1093/jopart/mui021

63.

Wirtz

B. W.

Weyerer

J. C.

(2017). Cyberterrorism and cyberattacks in the public sector: How public administration copes with digital threats. International Journal of Public Administration, 40(13), 1085–1100. https://doi.org/10.1080/01900692.2016.1242614

64.

Yixin

(2011). Study on the current situation of information security and countermeasures in China. Energy Procedia, 5, 392–396. https://doi.org/10.1016/j.egypro.2011.03.067

65.

Zavattaro

S. M.

Sementelli

A. J.

(2014). A critical examination of social media adoption in government: Introducing omnipresence. Government Information Quarterly, 31(2), 257–264. https://doi.org/10.1016/j.giq.2013.10.007

66.

Zheng

(2014). Innovation through social media in the public sector: Information and interactions. Government Information Quarterly, 31(1), S106–S117. https://doi.org/10.1016/j.giq.2014.01.011