Writing about computer systems twenty-five years ago, Schneier wrote that “the worst enemy of security is complexity” (Schneier, 1999), because complex systems are both easier to attack and harder to secure than simpler ones. In this essay, we provide an overview of Schneier’s complexity principle and provide our observations of how two articles in this issue, Liang et al. (2025) and Tanriverdi et al. (2025), employed this principle in their research. We also offer our ideas for why complexity and cybersecurity are especially amenable for study in the field of information systems and where future research can go from here.
GUEST EDITORIAL: “Complexity Is the Worst Enemy of Security”: Studying Cybersecurity Through the Lens Of Organizational Complexity
Out of stock
SKU
49.1.075
Abstract
Additional Details
| Author | Bruce Schneier and Anthony Vance |
| Year | 2025 |
| Volume | 49 |
| Issue | 1 |
| Keywords | Complexity theory, mergers and acquisitions, multihospital systems, data breaches, cybersecurity |
| Page Numbers | 205-210 |