The Influence of Governmental Support on Cyber-Security Adoption and Performance: The Mediation of Cyber Security and Technological Readiness

The accelerated cyberattacks presents a severe challenge to the companies, as they seem unprepared to confront the threat of cyberattacks, they will suffer enormous losses and have their performance suffer as a result. To better serve its population and communities, Kuwait will have improved and updated its national infrastructure by 2035. This study examines how the governmental top management support, cyber security readiness, and technology readiness affect employee’s organizational security adoption intentions in Kuwait governmental organizations and realization of its benefits. The quantitative method was employed in this work. The study found that top management support influencing organizational security performance mediating by cyber security readiness and technology, which affects the tangible and intangible benefits. This study can help policy makers in governmental organizations to improve cyber security adoption. The findings of this study may be utilized for enhancing the sustainability of cyber security in governmental organizations in Kuwait.


INTRoDUCTIoN
The rapid advancement of technology has led to increased concerns about information security and the safety of digital assets and individuals connected to these technologies.Cyber-attacks are becoming more sophisticated and frequent, heightening these security concerns (Dinev & Hart, 2005).These concerns have significant economic implications, as organizations face substantial costs in securing data and potential financial repercussions from security breaches (Kruse et al., 2017).Studies have shown that organizations unprepared to respond to accelerated cybersecurity and information security concerns have suffered significant performance and financial losses (Hasan et al., 2021;Hasani et al., 2023).Therefore, understanding cybersecurity and the factors influencing it is crucial for developing effective strategies to safeguard digital assets and ensure the safety of individuals and organizations in the digital era.
The importance of cybersecurity has grown as government, business, and day-to-day activities have shifted online (Taddicken, 2013).The economic implications of these security concerns extend to the substantial costs involved in securing data and the potential financial repercussions of security breaches, where information is exploited (Gordon and Loeb, 2002;Dinev & Hart, 2005).Organizations unprepared for the rapid evolution in cybersecurity and information security not only face operational challenges but also significant financial losses (Hasani et al., 2023).Therefore, it is essential to comprehend the essence of both cyber and technological security and the factors affecting them (Hasani et al., 2023).In conclusion, the digital transformation has brought about unprecedented opportunities for organizations and companies to improve their products and services through digital technology.However, it has also introduced new vulnerabilities and security threats, emphasizing the critical importance of understanding cybersecurity and its implications for organizations and individuals.

overall Background
The rapid advancement of technology has led to increased concerns about information security and the safety of digital assets and individuals connected to these technologies.Cyber-attacks are becoming more sophisticated and frequent, heightening these security concerns (Dinev & Hart, 2005).These concerns have significant economic implications, as organizations face substantial costs in securing data and potential financial repercussions from security breaches (Kruse et al., 2017).It requires a holistic approach to manage the adoption of technology and its associated risks (Soomro et al., 2016).Studies have shown that organizations unprepared to respond to accelerated cybersecurity and information security concerns have suffered significant performance and financial losses (Hasani et al., 2023).Therefore, understanding cybersecurity and the factors influencing it is crucial for developing effective strategies to safeguard digital assets and ensure the safety of individuals and organizations in the digital era.The importance of cybersecurity has grown as government, business, and day-to-day activities have shifted online (Taddicken, 2013).The economic implications of these security concerns extend to the substantial costs involved in securing data and the potential financial repercussions of security breaches, where information is exploited (Dinev & Hart, 2005).Organizations unprepared for the rapid evolution in cybersecurity and information security not only face operational challenges but also significant financial losses (Hasani et al., 2023).Therefore, it is essential to comprehend the essence of both cyber and technological security and the factors affecting them (Hasani et al., 2023).Basing upon these and other earlier efforts, this study examines how top management support influence the employee's organizational security adoption intentions in Kuwait governmental organization.The study will take into consideration the mediation role both technological as well as cyber security readiness as mediators.This holistic approach is important because with the penetration of technology in to the business, social, and governmental contexts, the technological perspective alone cannot generate a full understanding of the technology usage, adoption, and its ultimate convergence to the performance.

The Importance of the Study
Most of the current studies approach to the cyber security issue is primarily focused on the information technology aspect to evaluated whetehr the information available online are sufficaintly secured (Blakley et al., 2001).However, this approach often overlooks the broader implications of technology adoption by organizations and governments.The risks incurred in this digital era extend beyond mere information security; they encompass the exposure of valuable economic resources and, more critically, the safety and well-being of humans involved in these processes.As such, the escalating risks necessitate the adoption of comprehensive security technologies, underpinned by a multi-perspective analysis that goes beyond traditional IT security frameworks.
This research aims to address the role of government top-level management in the adoption of security measures.The study will explore how leadership and decision-making at the top echelons of government can influence the holistic adoption of cybersecurity measures.By addressing these aspects, this research intends to provide a more comprehensive understanding of cybersecurity adoption in governmental contexts.It will offer practical insights for policymakers and government leaders in formulating effective cybersecurity strategies.

New Kuwait 2035 Strategic Plan and Cyber Security Adoption
More holestically, the information security and its technology must be a strategic concern of a country to attract more attention and resources for its adoption.The new Kuwait 2035 strategic plan is very much cyber based and naturally sensitive to the security technologies, which will be needed to support such technology driven future governance and operations in the country.As studies have suggested that when security technologies becomes a strategic concern can then guide the associated policy and can further provicde guidence and even standards (Höne & Eloff, 2002), so to achieve technological transfromation more smoothly and securely.

Aim and objective of the Study
The aim of this study is to elucidate how support from top-level government management can boost the adoption of sustainable security measures.This investigation will focus on the mediating roles of cybersecurity and technological readiness.The propose model will, therefore, offer a more holestic approach to the security adoption in the government sector in Kuwait.

Literature Review
In recent years, the increasing frequency and sophistication of cyber-attacks have underscored the critical importance of cyber-security readiness for organizations and governments.Technology readiness theory, as proposed by Ahmad et al. (2020), emphasizes the significance of evaluating the contemporary technologies available to organizations and governments to safeguard their digital resources and people in the face of continuous threats.This theory posits that the readiness of an organization to adopt and utilize technology is influenced by various factors, including toplevel management support.Bahuguna et al. (2019) have highlighted the pivotal role of top-level management in achieving cyber-security readiness within organizations.Their study suggests that the support and involvement of top management is a crucial resource for enhancing an organization's cyber-security readiness.
Furthermore, Berlilana et al. (2021) have emphasized the importance of top-level management support in transforming readiness into action and channeling security adoption towards organizational benefits.Study done by Smith et al. (2018) also provided empirical evidence of the positive impact of top-level management support on cyber-security readiness within government organizations.In light of the aforementioned literature, the following hypotheses have been formulated: H1: There is relationship between Governmental Top-Level Management Support to combat cyberattacks with the organization's cyber-security readiness.H2: There is relationship between Governmental Top-Level Management Support to combat cyberattacks with the organization's technological readiness.H3: There is relationship between Governmental Top-Level Management Support with organizational security adoption.
The relationship between an organization's readiness to combat cyber-attacks and its security performance/adoption (H4), as well as the relationship between the technological readiness of an organization to adopt new technology and its security performance/adoption (H5), are crucial aspects in the context of cybersecurity.Rawindaran et al. (2021) emphasize the significance of cyber security readiness and technology readiness in improving organizational performance.The study highlighted the need for continuous learning strategies within organizations, especially with the rapid evolution in cybersecurity adoption driven by tools such as artificial intelligence and machine learning.Furthermore, Blut and Wang (2019) discuss the concept of technology readiness and its impact on technology usage, emphasizing the importance of understanding people's propensity to embrace and use cutting-edge technologies.This aligns with the need to assess an organization's technological readiness in relation to the adoption of new security technologies.
Moreover, Kilani (2020) provides insights into the indirect effects of cyber-security motivators on internal processes within an organization, emphasizing the importance of cyber-security readiness in shaping organizational processes.This supports the evaluation of the relationship between an organization's readiness to combat cyber-attacks and its security performance/adoption.The synthesis of these references underscores the critical need to assess both cyber security readiness and technological readiness in organizations to understand their impact on security performance and adoption.This comprehensive evaluation is essential for addressing the evolving landscape of cybersecurity threats and the rapid advancements in security technologies.Thus, the following hypotheses has been formed H4: There is relationship between organization's readiness to combat cyber-attacks with the organization's security performance/adoption. H5: There is relationship between technological readiness of an organization to adopt new technology and with the security performance/adoption.
The pragmatics of security adoption are important to rationalize the very technology and cyber security adoption.H6 and H7, therefore test whether, security performance results in any tangible and intangible benefits.Both these tangible and intangible goods are the overall outcomes of the path impacts starting with technological readiness, cyber-security readiness, security performance, and ultimate.The study by Berlilana et al. (2021) is particularly relevant as it explores the tangible and intangible benefits arising from good security performance.Additionally, Li and Wang (2014) provide insights into the impact of intangible assets on profitability, which can be correlated with the intangible benefits resulting from good security performance.Furthermore, Rasmussen et al. (2017) extend a risk-benefit framework in donor selection, which can be valuable in understanding the tangible benefits associated with security performance.This research therefore, evaluate the followign two hypotheses to validated if the tangible and in tangible emerge from the good security performance.H6: Good security performance of an organization results in high tangible benefits for the organization.H7: Good security performance of an organization results in high intangible benefits for the organization.
The study goes further to evaluate whether both cyber security readiness and technological readiness have any mediation role to enhance the relationship between governmental top-level management support and tangible and intangible benefits post-adoption of organization security.For this purpose, H8 and H9 are designed to be tested.Both cyber-security readiness and technological readiness have been advocated as having stronger mediation roles in transforming the security performance into actual benefits (Berlilana et al., 2021).Additionally, the study done by Nifakos et al. (2021) emphasizes the importance of cybersecurity risk assessment in organizations, recommending the use of European and international standards to counter social engineering attacks, which underscores the significance of cyber-security readiness in organizational security (Nifakos et al., 2021).Furthermore, the study by Lai et al. (2018) classifies potential factors affecting big data analytics (BDA) adoption into technological, organizational, environmental factors, and supply chain characteristics, highlighting the relevance of technological readiness in the adoption of advanced technologies within organizational contexts (Lai et al., 2018).This supports the argument that technological readiness plays a crucial role in the adoption and implementation of technological solutions.
H8: Cyber-security readiness mediate the relationship between Governmental Top-Level Management Support and Tangible and Intangible Benefits Post-Adoption of Organization Security H9: Technological readiness mediation the relationship between Governmental Top-Level Management Support and Tangible and Intangible Benefits Post-Adoption of Organization Security

Data and Variables
This research was conducted to examine the cyber security readiness and organizational technology readiness with the mediation of top-level management support to determine the impact this has on cyber-attacks and the results of tangible and intangible benefits of its appliance.A survey with questionnaires that were distributed online and to governmental sectors to collect samples to solidify the proposed hypothesis.Each construct item is measured with a 5-scale Likert scale and the measurement starts from a scale of 1 represent strongly disagree to a scale of 5 which means strongly agree.Table 6 (Appendix A) demonstrates the model constructs and the corresponding items.Figure 1 shows all 9 hypotheses collectively as model of this study.

Methodology and Model Specifications
Partial Least Squares Structural Equation Modelling (PLS-SEM) is the best method for assessing complex models with a number of independent and dependent variables (Hair et al., 2014;Henseler et al., 2009).The examination of the measurement model was done first in the SEM research, which was then followed by the assessment of the structural model.The evaluation of a measurement model focuses on the assessment of constructs' reliability, convergent validity, and discriminant validity, in contrast to the structural model assessment, which focuses on the analysis of the connection between latent constructs and measured variables.The SmartPLS software was utilised for conducting PLS-SEM analysis.SmartPLS encompasses a range of metrics, including measurement model analysis, path analysis, and multigroup analysis, for the purpose of conducting model testing.

ReSULTS
Table 1 summarizes the demographic characteristics of the participants.The study sample consists 413 participants, among which 52% were male and 48% were female participants.Majority of the participants were from age-group 31-40 (33.7%) and had experience of 16-20 years (27.6%).Majority of the participants had bachelor degree (47.9%) and worked as supervisor (44.8%).

SeM for the Conceptual Proposed Frame work
Structure Equation Modelling (SEM) is a method that examines numerous connections simultaneously.PLS is advantageous over regression-based approaches because it can assess numerous latent constructs using a wide range of manifest variables.It is a two-step process that begins with the evaluation of the outer measurement model and concludes with the evaluation of the inner measurement model, which is also referred to as the structural model (Henseler et al., 2009).Figure 2 depicts the fundamental node diagram with loadings.

Measurement Model Assessment
Measurement models describe how constructs are assessed using indicators.The validity and reliability of the indicators employed in multivariate analysis must be confirmed by researchers in order to increase the measure's accuracy.The assessment of measurement models involved the evaluation of construct reliability, convergent validity, and discriminant validity, as per the recommendations outlined by Hair et al., 2017.The value of Cronbach's alpha and composite reliability exceeded the minimum acceptable value of 0.7 (Hair et al., 2017) (Table 2).Therefore, the construct reliability is established.In addition, convergent validity was tested by examining factor loading and average variance extracted (AVE), as suggested by Hair et al., 2017).The present investigation had factor loadings above the threshold value (0.60) and AVEs above the threshold value (0.50), respectively.The convergent validity of the study's constructs was thus verified.
Discriminant validity was examined to ensure that one construct's measures do not correlate with those of another (Ringle et al., 2010).For the assessment of discriminant valid Fornell and Larker's (1981) criteria has been utilized.To have the discriminant validity, the square root of each construct's AVE should exceed its bivariate correlations with other constructs (Ringle et al., 2010).Results of the Fornell and Larcker criterion is shown in Table 3, confirms the discriminant validity condition.
This study provides a comprehensive analysis of explaining the impact of Government Top-Level Management Support on the security technology adoption and how the same leads to tangible and intangible benefits.The study has confirmed that there is relationship between governmental top- level management support to combat cyber-attacks with the organization's cyber-security readiness.This finding is in line with other studies in the discipline and particularly true in the context when there are hieratical cultures.The study by Georgiadou et al. (2022) provides a comprehensive analysis of the impact of governmental top-level management support on security technology adoption and its subsequent influence on tangible and intangible benefits within organizations.The findings confirm the relationship between governmental top-level management support and an organization's cyber-security readiness, where top-management support is considered, an emergent culture prioritizing cyber-security readiness, leading to the development of an overall security culture.This aligns with the argument that top-management support enables a holistic security support environment, fostering experiential learning and perpetually advancing technology preparedness and performance.
Moreover, the study affirms the relationship between governmental top-level management support and an organization's readiness to combat cyber-attacks, which stimulates the use of preparedness towards security performance and adoption, as evidenced in other studies (Tomaschek et al., 2016).Additionally, the study accepts the relationship between technological readiness and security performance, acknowledging the theoretical and empirical evidence supporting the influence of technology readiness on organizational performance.
Going further on the web of relationships, the study also partially accept that there is a relationship between technological readiness of an organization to adopt new technology and with the security performance of the organization.As technology readiness though found leading to the performance and the phenomenon is well establish both theoretically as well empirically (Olechowski et al., 2015).New technology, however, brings new challenges and doubts may therefore make organizations to remain hesitant while switching to new technology.This is usual as new constraints emerge while making the required changes in the preparedness (Olechowski et al., 2020).
The study proceeds further and confirm that a good security performance of an organization also results in high tangible benefits for the organization.This results further strengthen the path of impacts towards the outcomes of technology adoption.These tangible benefits can be in the form of more improved operation results and profitability and reduction of losses that can be measured as it is believed that "finance and technology meet at the crossroads of technology readiness" (Clausing and Holmes, 2010).Additionally, it establishes that good security performance leads to high intangible benefits for organizations and stakeholders, contributing to perceived safety and corporate social responsibility (Ying et al., 2016).Further, it has also been confirmed that a good security performance of an organization results in high intangible benefits for the organization.As and when the organization demonstrate a good security performance, results in intangible benefits to not just the organization and the stakeholders around it but to the society at large as perceived safety is established through corporate social responsibly of maintaining a safe working place (Berlilana et al., 2021).

Mediation Analysis
The impact of the mediating variable between the independent and dependent variables was examined using mediation analysis.The results of the mediation analysis are depicted in Table 5.
The analysis of the mediating effects in the study provides crucial insights into the dynamics of cybersecurity implementation and its outcomes.It reveals that the mediating role of Organizational Security Adoption (OSA) is significant across most constructs, with the notable exceptions being the relationships between INC and TB, and INC and IB, where OSA does not exhibit a significant mediating effect.This suggests that while OSA generally plays a key role in bridging various elements of cybersecurity readiness and performance, its influence is not universal across all variables.
Furthermore, the mediating effect of INC (Investment in Cybersecurity) is not significant when linking Top-Level Management (TopM) support to Organizational Digital Adoption (ODA), nor in the combined effect of INC and OSA between TopM and Tangible Benefits (TB).This implies that the investment in cybersecurity, while crucial, does not always directly translate to digital adoption or tangible benefits, especially when considered in tandem with OSA.The study underscores the pivotal role of governmental top-level management support in mediating the relationship between cybersecurity readiness and both tangible and intangible benefits post-adoption.This highlights that effective cybersecurity implementation is not solely a matter of technical readiness but also significantly depends on the strategic and administrative support provided by top management.When this support is aligned with enhanced security performance, the likelihood of realizing both tangible (such as reduced cyber incidents and enhanced operational efficiency) and intangible benefits (like improved stakeholder trust and reputation) increases.Moreover, these benefits extend beyond the internal workings of an organization.They impact external stakeholders, suggesting a broader societal benefit.However, this raises further questions about the preparedness of external users and their ability to adapt to and benefit from enhanced cybersecurity measures, as indicated by Parasuraman (2000).
The study partially confirms the mediating role of technological readiness in the relationship between governmental top-level management support and the tangible and intangible benefits post-adoption.This suggests that while technological preparedness is essential, its effectiveness in translating top-level support into concrete cybersecurity benefits is only partially realized.The reasons for this could range from the pace of technological change outstripping organizational adaptation abilities, to potential gaps in aligning technological capabilities with strategic objectives.In conclusion, this comprehensive analysis indicates that while the interplay between top-level management support, investment in cybersecurity, and technological readiness is complex, they are crucial factors in determining the successful adoption and benefits realization of cybersecurity measures within organizations.
continued on following page  TC1: In my organization, there are sufficient experts in the field of information technology in quantity and quality in managing cyber security, TC2: In my organization, there is sufficient infrastructure in quantity to manage cyber security, TC3: The resources owned by the organization from the technological aspect to ensure cyber security in quantity and quality are better.

Cyber Security Readiness-Organizational Context (OC)
OC1: Availability of skilled qualified personnel to manage cyber security, OC2: In my organization, there are workshops, training, and activities that support quality improvement for personnel who manage cyber security, OC3: Availability of resources from the personnel aspect to manage cyber security in the organization

Cyber Security Readiness-Environmental Context (EC)
EC1: In my organization, the managers always seek to establish communication with the environment involved to ensure cyber security activities run smoothly, EC2: In my organization, the managers always enhance cyber security together with the organizational environment involved on an ongoing basis, EC3: In my organization, manages knowledge derived from experience to ensure it can solve problems in the environment involved, quickly and accurately

Figure 1 .
Figure 1.Research model conceptual framework In my organization, aspects of cyber security are always considered, OSA2: In my organization, software and hardware to support cyber security are always used and managed properly, OSA3: From the operational and strategic aspects, my organization always prioritizes cyber security Technology Readiness-Optimism (OPT) OPT1: The security of the new technology makes me believe it is more effective and efficient at work, OPT2: The security of the new technology makes me feel more freedom in my activities in my work, OPT3: In trying to learn about security in new technologies I have found the benefits of those technologies Technology Readiness-Innovative (INV) INV1: From the service and security aspect, the new technology in my organization is easy to use, INV2: From the aspect of security, it is very helpful in activities in the work environment, INV3: With cyber security technology that is always updated, I feel a lot of interest Technology Readiness-Discomfort (DCT; reverse scored) DCT1: Guidelines that provided in my organization for using cyber security services are rarely read and paid attention to, DCT2: The manual book provided by my organization for cyber security is difficult to understand, DCT3: The assistance provided in my organization to handling security incidents made me uncomfortable Technology Readiness-Insecurity (INC; reverse scored) INC1:I am worried that confidential data and information may be widely publicized in my organization, INC2: I'm worried about the security of the online activity in my organization, INC3: I am concerned about confidential data and information to external providers Tangible Benefit (TB) TB1: In recent years, the employee performance in my organization have increased, TB2: In recent years my organization goals have been met, TB3: In recent years my organization security against cyber-attacks were controlled Intangible Benefit (IB) IB1: In my organization, Customer loyalty has increased in recent years, IB2: The number of new customers has increased in recent years, IB3: In recent years, my organization have had a significant competitive advantage among other organizationsTop Management Support (Top)TopM1: Top management help to provide resources for adopting cyber security, TopM2: Top management help to understand the benefits of cyber security, TopM3: Top management help to encourage the development of cyber security, TopM4: Top management intends to issue supporting regulations for cyber security in my organization

Node diagram for the PLS-PM model with loading and path estimates Table 2. Outer model summary table for the PLS-PM Model Construct Cronbach's alpha Composite reliability (rho_a) Composite reliability (rho_c) Average variance extracted (AVE)
EC: Environmental Context, OC: Organizational Context, TC: Technological Context, IB: Intangible Benefit, OSA: Organizational Security Adoption, TB: Tangible Benefit, DCT: Discomfort, INV: Innovative,, INC: Insecurity, OPT: Optimism, Top: Top Management Support