a general framework of digitization risks in international business · 2021. 5. 27. ·...

INVITED RESEARCH NOTE

A general framework of digitization risks

in international business

Yadong Luo

Department of Management, Miami Herbert

Business School, University of Miami,Coral Gables, FL 33146, USA; Sun Yat-Sen

University Business School, Guangzhou, China

Correspondence:Y Luo, Department of Management, MiamiHerbert Business School, University ofMiami, Coral Gables, FL 33146, USAe-mail: [email protected]

AbstractDigital global connectivity offers multinational enterprises new opportunities,

but it also brings unique risks, an area not yet well examined in internationalbusiness. This article presents an organizational information-processing

framework, which elucidates what (risk types and sources), how (risk

assessing and managing), and whom (vulnerable firms) these risks relate to,in a dialectical manner that seeks to combine theoretical insights and

managerial actions. We focus on three types of risks (digital interdependence,

information security, and regulatory complexity) that MNEs uniquely face, andexplain within-country and cross-country risk drivers. We document variances

among MNEs in exposure to these risks, proposing that information flow

intensity, geographic diversity, international strategy, and global platform

participation carry strong implications on the firm’s risk exposure and response.Finally, this framework offers actions essential for MNEs, individually and

collectively, to manage digital risks, emphasizing processes of building and

deploying digital intelligence in pursuit of transnational resilience for cross-border activities that become increasingly digitally connected.

Journal of International Business Studies (2021).https://doi.org/10.1057/s41267-021-00448-9

Keywords: digital risk; digitization; digital connectivity; risk exposure; risk management

INTRODUCTIONDigitization reshapes international business in a myriad of ways,and presents a new frontier for IB research (e.g., Benito, Petersen, &Welch, 2019; Cantwell, 2009; Hennart, 2019; Nambisan, Zahra, &Luo, 2019; van Tulder, Verbeke, & Piscitello, 2019). Digitallyconnected global firms reap the benefits of many new opportuni-ties, such as obtaining global resources, reaching foreign customers,and improving efficiency for global operations, but business leaderscannot underrate associated risks. In fact, managing risk forms oneof the primary objectives of firms operating internationally (Miller,1992, 1998; Tong & Reuer, 2007; Werner, Bouthers, & Bouthers,1996). Yet, IB scholarship has so far only focused on the political,financial, and transactional risks in international business (Rug-man, 2009), leaving digitization-related risks largely unaddressed.Threats arising within an increasingly digitized environmentprompt the need for more thorough study, opening a host ofimportant questions for the IB research community to explore.

Received: 2 July 2020Revised: 4 April 2021Accepted: 10 April 2021

Journal of International Business Studies (2021)ª 2021 Academy of International Business All rights reserved 0047-2506/21

www.jibs.net

http://www.jibs.net/

Scholars seeking to understand the dangers aris-ing from digital connectivity need to define anddelineate the risks, which range from overdepen-dence to cyber attacks. Researchers in the fieldstand uniquely positioned to examine the rippleeffects of information breaches, supply disruption,cyber crimes, and other digital breakdowns, sincethese disruptions are often global in nature, notconfined to one country or region (McKinsey,2020). Digitization itself entails critical risks, yetdigital connectivity technologies, intelligence, andcapabilities may be used wisely to curtail them(Chinn, Kaplan, & Weinberg, 2014). This juxtapo-sition compels us to look at the potential hazardsunder a unified lens that combines risks andcapabilities in digitization and integrates mandatesfor both global compliance and local adaptation.For an MNE, failure from leadership to addressdigitization threats could cause huge contagiondamages not just to the global operations withinthe firm and with partner firms in various countriesand industries but also to the company’s globalreputation and the public’s goodwill. For thisreason, we develop our framework from the infor-mation-processing logic (Egelhoff, 1991; Tushman& Nadler, 1978), which holds that information-processing needs increase when uncertainties andrisks aggravate, in turn requiring accentuated infor-mation-processing capabilities. This theory can alsoguide us to pinpoint what information related todigital risk (from within-country to cross-country)should be processed, how distinctive digital risksshould be aligned differently with information-processing needs and capabilities, and what type ofmultinational enterprises (MNEs) are particularlyvulnerable to potential hazards from a digitalenvironment.

In this study, we define digital globalization as aform of globalization that digitally connects busi-nesses across nations with flows of data, informa-tion and knowledge, and digitally enabled flows ofgoods, services, investment, and capital. We ana-lyze digital risks in global operations and prescribeways to evaluate and manage them. Our studyincludes a look at how MNEs can curb these risksboth individually and collectively. Additionally, weconsider how MNEs diagnose related risk itemsboth within and across countries, followed by theways to manage these threats through amelioratedinformation-processing capabilities. We alsoacknowledge the diversity and divergence of MNEsin their exposure to these risks, since they vary intheir level of susceptibility to the digital disruptions

that plague global activities. This study highlightsthat an MNE’s information intensity, geographicdiversity, international strategy, and platform par-ticipation have implications on risk exposure andresponse. We foresee a pressing need for IB scholarsto provide a more nuanced understanding of theidentified risks and offer our suggestions to pushthis frontier forward.

DEFINING DIGITAL RISKSRisk signifies a probability of a negative occurrencecaused by external or internal vulnerabilities thatthreaten business activities. We define digital risk inIB as uncertainty or disruption, caused by digitiza-tion forces in countries wherein the MNE operatesor competes, that adversely impacts companyoperations. As globalization enters a new era fullof disruptions and adversities, which heighten bothnew and old IB risks, digital connectivity acts as adouble-edged sword, serving as both an enabler forcross-border activities when harnessed properly anda disrupter when not. Digital connectivity is madepossible through digital platforms, information andcommunication technologies (ICT), internet andintranet access, and other digital technologyenablers, such as big data, cloud services, and dataanalytics and intelligence. Digitalization buttressescross-border transactions, while transmitting avaluable stream of ideas and innovation aroundthe world (Banalieva & Dhanaraj, 2019; Hennart,2019; Kano, 2018; Tallman, Luo, & Buckley, 2018).Yet, beyond the benefits, inherent risks ensue, withthe following three types of digital risks worthelaboration.1

Digital Interdependence RiskDigital interdependence risk manifests as unex-pected breakdowns, contagions, and interruptionscaused by digital interconnectivity between a focalMNE and its worldwide business partners, vendors,suppliers, distributors, customers, and corporatemembers in various countries. Digital globalizationmakes international companies more dependenton others, thus making them subject to morecontagion effects from all risks facing them andpartnering units (McKinsey, 2020). A more inter-connected, digital world magnifies the impacts ofexternal shocks and spreads ripple effects faster.The 2008 financial crisis showed how rapidly thelinkages between the world’s capital markets canallow contagion to spread.2 Digital connectivityaccelerates and widens the adverse spreading of a

A general framework of digitization risks Yadong Luo

Journal of International Business Studies

global platform’s breakdown, as a whole or in part,reflecting digital fragility due to interdependence.

While digitization bolsters interdependence forbusinesses that rely on digital connections andplatforms, the connectivity also helps internationalbusinesses cope better with disruptions and adver-sities (e.g., COVID-19 pandemic). Thus, digitalglobal connectivity is both a dominant feature ofthe new era for international business and a criticalcatalyst to address new adversities and uncertain-ties in the post-pandemic era. This double-edgedsword effect summons scholarly attention in twoways. One, firms vary in their vulnerability todigital risk, and two, firms differ in their ability tocircumvent digital risks for global operations. Wefollow-up on these issues in a later section.

Global Information and Cyber Security RiskGlobal information and cybersecurity risk refers topotential loss or harm stemming from an MNE’sfragility in its information and communicationssystems, which may result in cyber attacks or databreaches. Digitization expands the marketplace to aglobal arena and pushes MNEs to be more depen-dent on the exchange of information, data, and ICTinfrastructure. Global customers are reluctant touse a digital outlet that does not offer privacyprotection, and want assurance that the businessprovides the best possible security, availability,reliability, and performance (Nambisan et al.,2017; UNCTAD, 2015). Accordingly, as informationflows across borders, corporate concern for datasecurity grows (EIU, 2014). New technology renderscompanies vulnerable to threats of securitybreaches, fraud, disruption of services, and failureto meet service levels, and the vulnerabilityincreases for international businesses. Many MNEshave already undergone security breaches frominternal and external sources, a new type of IB riskinvolving both economic and social symptoms(World Bank, 2016). The indirect damage of suchbreaches, which might include the loss of valuabledata, consumer trust, and business reputation, canbe immense and difficult to recover from. For thesereasons, firms must think beyond physical securityand consider protecting themselves against intan-gible risks.

Beyond the already well-known cyber crime,cyber terrorism, and cyber espionage phenomenathat constitute a national security threat, informa-tion security cyber attacks arise as a new type of IBrisk for virtually all MNEs. As international trans-actions and processes become more digitized,

global companies find themselves increasinglyprone to vicious cyber attacks (Kshetri, 2005). Highprofile hacks and breaches have already hit many ofthe world’s largest companies. Cyber crime, includ-ing consumer data breaches, financial crimes, mar-ket manipulation, and theft of intellectualproperty, costs the global economy about US$400billion in annual losses.3 Almost certainly, cyberattacks will multiply and affect more businesses inthe future, and companies that lack adequatetechnological capability and security knowledgeare even more susceptible. While tools such asfirewalls have become a standard for securingdevices and zones, risk management in the digitalage requires a big picture, managed-serviceapproach which can protect entire IT ecosystemsover time. That is, the focus in cyber security ischanging from devices to services.

Digital Regulatory Complexity RiskDigital regulatory complexity risk occurs due to themany different aspects of digitalization-related reg-ulations, rules, and standards imposed in thevarious countries where an MNE operates, creatingregulatory multiplicity, variance, and incompati-bility that exacerbate disruptions to cross-borderactivities. An amicable institutional environmentproduces a seamless and consistent user experiencearound the world (Oxley & Yeung, 2001). However,the increasing level of regulations by many gov-ernments, in developed and developing countriesalike, cover a number of areas in data protection.The scope of regulations is widening, with addi-tional scrutiny placed on areas like customer pro-tection, digital taxes, information security, andnational security. The extent and implications ofthese regulations directly drive the need to preparefor digital risks. For instance, in preparing for theGeneral Data Protection Regulation in Europe,banks and other financial institutions must takethe necessary steps to bolster their digital capabil-ities, such as adopting sophisticated techniques forcustomer master data management.4

Many governments around the world currentlyconsider limitations on what kind of data can betransmitted beyond country borders and wheredata must be stored. Some are moving towardregulations that would require companies to useservers physically located within their borders toprocess and store data generated there. Variationsof this type of law exist in Indonesia, Nigeria,Russia, Vietnam, and many others (Manyika, Lund,Bughin, Woetzel, Stamenov, & Dhringra, 2016).



Meanwhile, the Great Firewall of China acts as thecombination of legislative actions and technologiesenforced by the country’s government to regulatethe internet domestically. Yet, regulations to pro-tect privacy signify an important part in unleashingthe benefits of digital connectivity, since totalfreewheeling use of the internet, or no governmen-tal restrictions on internet content, may not beadvisable due to the dark side of digitization. Theprivacy of citizens and users of digital connectionshave to be safeguarded (UNCTAD, 2015).

Sources of Digital RisksKnowing the underlying sources for the above riskswarrants equal attention. MNEs are prone to thesethreats not only within individual countries butalso from supranational forces, demarcating twomain sources: within-country and cross-country.Under each, several specific items exist that reflectand contribute to digital risk. In this study, within-country risk items focus on a foreign target countryand cross-country risk items deal with bilateral orinternational factors such as home-/host-countryrelations and geopolitics.

Within-country (target country) sourcesWithin-country sources entail governmental orregulatory policy restrictions over digital connec-tivity and digital commerce, as well as policydiscrimination and barriers against foreign firms.Legal standards that prevent digital, e-commerce,and internet frauds fall under this category. Otherimportant regulatory items include weak protec-tion over digital intellectual property rights (e.g.,artificial intelligence; AI) and poor transparency inenforcing economic and regulatory policies towarddigital connectivity. A target country’s economicconditions, such as the soundness of key economicsectors (e.g., electronic, internet, ICT) and its abilityto connect with the world, will significantly impacta foreign firm’s global connectivity. A myriad ofphysical conditions also affect the country’s digitalrisks. These include broadband supply (fiber optics,4G or 5G coverage), international internet band-width, internet data routes, mobile telecommuni-cations, communications satellite, networkinfrastructure, data centers, cloud investment, bigdata investment, and Internet of Things invest-ment by governmental and private sectors(UNCTAD, 2015; World Bank, 2016).

Cross-country sources

Geopolitics becomes a primary factor within thecategory of cross-country sources. Amid the tradedisputes between the United States and numerouscountries (China, in particular), many govern-ments’ scrutiny of takeovers by foreign companieshas increased, with a sharper focus on the implica-tions for national security and technological advan-tage associated with ICT and other digitaldevelopments. Accordingly, a growing divergencein digitization systems and ICT standards betweeneconomies exists (e.g., one based on US-led normsand rules and the other around China’s in the 5Gnetwork).5 Deteriorating home-/host-country tiesfurther exacerbate this complexity. MNEs can easilyget hit by worsened bilateral relationships betweenhome and host countries (or regions).6 Addition-ally, the digital era makes MNEs more susceptible torisks caused by international events unfoldingbeyond the foreign target country, including ter-rorism and cyber attacks. Digital technologies havemade it easier for criminal groups or individuals toconduct foreign assaults, in secret or by proxy,putting businesses on the front line (Kshetri, 2005).

VARYING EXPOSURE TO DIGITAL RISKSFigure 1 exhibits our framework, highlighting thekey concepts and their interrelationships behindMNE management of digital risks. We constructthis framework based on the information-process-ing theory, which establishes that organizationscan be seen as information-processing systems thatmust deal with work-related uncertainty (Egelhoff,1982; Tushman & Nadler, 1978), with informationtechnologies among the essential capabilities nec-essary to curb this uncertainty (Daft, 1992). Asdetailed below, we make several major points: first,digital threats increase operational complexity, andthus information-processing demands. Second,MNEs vary in their exposure to digital risks due totheir firm-specific dynamics and consequently varyin information processing requirements, with thosewith higher levels of information and data inten-sity, geographic diversity, and global platformparticipation being particularly vulnerable. Third,MNEs will manage such requirements by institut-ing and accentuating information-processing capa-bilities or mechanisms, such as risk analytics,digital intelligence, risk control, and collectiveactions. Lastly, success in managing digital hazardsrequires not only a fit between information pro-cessing requirements and information processingcapabilities but also between the type of digital



risks and the corresponding information-process-ing needs and capabilities. This fit carries strongefficiency and cost implications, as MNEs differ intheir dependence on and sensitivity to varyingdigitization disruptions that affect global opera-tions. The information-processing theory shareswith the transaction cost economics line ofthought in the importance of cost saving in infor-mation processing, but more notably, it sheds lighton the information-processing mechanisms andcapabilities furnished by organizational design.

According to the information-processing theory,complexity and uncertainty in performing cross-unit operations or duties derive from such sourcesas task complexity, task interdependence betweensubunits, and task environment dynamism

(Tushman & Nadler, 1978). These three sourcescombine to influence the degree of work-relateduncertainty or complexity faced by the firm. As theambiguity or intricacy increases, so does the needfor processing higher levels or more types ofinformation (Egelhoff, 1991). In a digital setting,task complexity is likely to rise when the MNE’sinformation and data intensity increases. Likewise,task interdependence may intensify when the MNEmore actively participates in global platforms oradopts a more globally integrated strategy (asopposed to multi-domestic). Meanwhile, environ-mental dynamism becomes amplified when thefirm expands its geographic diversity, whether interms of global supply chain or foreign marketexpansion (Kano, Tsang, & Yeung, 2020). For these

Type of Digital Risks in Interna�onal Business

Digital Interdependence RiskInforma�on Security Risk

Regulatory Complexity Risk

Informa�on Processing Needs & Requirements

(Who or when facing greater vulnerability)

� Informa�on & data intensity� Geographic diversity� Type of interna�onal strategy� Global pla�orm par�cipa�on

Informa�on Processing Capabili�es & Mechanisms

(What it takes to contain and manage)

� Risk analy�cs� Digital intelligence� Risk control� Collec�ve ac�ons

FIT

FIT

FIT

Within-country risk sources

� Social items� Regulatory items� Economic items� Infrastructure items

Cross-country risk sources

� Geopoli�cs� Home-host country �es� Interna�onal events� Terrorism & cybera�acks

Source informa�on to be processed

Improve MNE performance in strategic resilience, transac�on cost saving, and internaliza�on benefits

Figure 1 An information-processing framework of IB digital risks.



reasons, we emphasize information and data inten-sity, geographic diversity, type of internationalstrategy, and global platform participation as thecritical determinants of information-processingdemands for digitally connected activities, andaccordingly as contributing factors of firm-specificexposure and digital risk vulnerabilities.

Information and Data IntensityMNEs diverge in their information and data inten-sity: that is, some firms rely more than others oninformation and data flows that connect witheither internal members or external players. Exec-utives establish a digital architecture to work withglobal suppliers, connect to worldwide customers,virtually cooperate with global teams, and enableinternal communication and data sharing for aglobal workforce. This architecture consists ofglobal enterprise resource planning (ERP), humancapital management (HCM), customer relationshipmanagement (CRM), a data management platform(DMP), cloud computing, and a social marketingplatform, among other features to manage world-wide resources and relationships. However, thesesystems are more essential and pivotal to somefirms (e.g., IBM) than to others (e.g., Disney). Whiledistance, space, and time-related governance issuesmay decrease in importance due to digital connec-tivity (Monaghan, Tippmann, & Coviello, 2020),organizing and monitoring costs associated withconnectivity will increase (Luo, 2021; Rangan &Sengul, 2009).

The information-processing theory holds thatthe requirements for processing information aregreater if a firm is more prone to informationbreaches and external shocks (Egelhoff, 1991).Thus, firms with higher information and dataintensity are likely more susceptible to cyber securityrisk and regulatory risk. In the current geopoliticalenvironment, ICT has become a battlefield for newtechno-nationalism. Several countries, especiallytechnological powerhouses, vie for ICT technolo-gies and standards to accentuate their economicdominance and market power (Sacks, 2020). As ICTbecomes a foundational infrastructure in the digitalage, many MNEs’ global value chain activities areobstructed by cross-country regulatory differencesand even tensions in ICT spheres (UNCTAD, 2015).Since digital infrastructure (e.g., automated pro-cesses, strong AI-supported algorithms, and cloudcomputing) plays a significant role in a company’sglobal supply chain and production network, MNEleaders often find it difficult to relocate from one

country to another (Adner & Kapoor, 2010; Bruno& Shin, 2014). In addition, as noted earlier, amidthe growing trade tensions, governmental scrutinyof takeovers by foreign companies has increased,with a sharper focus on the implications fornational security associated with digital technolo-gies (McKinsey, 2020).

Geographic DiversityWe define geographic diversity as the extent towhich an MNE has internationalized its businesses(from supply chain to market expansion) andglobally diversified across regions and countries. Ahighly diversified MNE has an overarching geo-graphical presence and a depth of business global-ization. As this diversity increases, an MNEbecomes more exposed to digital risks for severalreasons. First, the MNE with higher diversity mustdeal with greater geographic coverage, in turnexposing itself to digital threats (physical andinstitutional) in more countries. Diversity intensi-fies an MNE’s interdependence with foreignresources, regulators, competitors, partners, ven-dors, platforms, and other ecosystem players (Del-lestrand & Kappen, 2012), leaving the firm toencounter accentuated interdependence risks,information security risks, and regulatory risks invarious countries. In fact, the higher the diversity,the more information-processing nodes areinvolved (both intra- and cross-country items),and, as a result, the higher the digital risks thatarise from both inter- and intra-organizationalexchanges (Benito et al., 2019; Chinn et al., 2014;Stallkamp & Schotter, 2021).Moreover, as diversity ascends, an MNE’s leaders

must cope with a growing complexity of globalactivities dispersed in various regions and coun-tries. Coordination within the MNE system andwith outside business stakeholders becomes moreintricate (Benito et al., 2019). This complexityactually compels many executives to invest moreto improve the organization’s digital architecture(e.g., ERP, HCM, CRM, global talent bank, datamanagement platform, together with cloud com-puting and data analytics) in the quest to managedigital risks. With continued global expansion,leaders of multinationals need to use digital tech-nologies to better design a global value chainsystem, better serve global customers, and bettermanage other kinds of cross-border flows in anorchestrated manner (Buckley & Strange, 2015).This endeavor, however, can make the MNE morevulnerable to internet and intranet breakdowns,



information leakages, and poor digital infrastruc-tures in multiple countries. Further, as diversityincreases, the MNE experiences growing pressure toprocess both within-country (within individualtarget countries) and cross-country informationfor risk assessment. Cross-country risk items, nota-bly global geopolitics, home-/host-country ties, andinternational events (COVID-19 pandemic in par-ticular), more forcefully affect highly diversifiedcompanies. This discussion suggests that as geo-graphic diversity increases, MNEs will undergostronger information-processing requirements fordigital risk management and become more exposedto all three digital risks.

International StrategyLeaders of MNEs use three basic strategies tocompete globally: multidomestic, global, andhybrid or transnational (Bartlett & Ghoshal,1989). A multidomestic strategy, or local adapta-tion orientation, which focuses on competitionwithin each country and emphasizes the segmen-tation of foreign markets by national boundaries,marks high local adaptation and responsiveness inrespective countries where the MNE subunits com-pete. Strategic and operating decisions are decen-tralized to foreign subunits in order to custom-tailor products and services to local markets. Forthis reason, this strategy exposes the MNE to morewithin-country digital risks encompassing regula-tory, infrastructural, economic, and social items, aspreviously explained. A multidomestic strategy alsorequires less intra-network communication, coor-dination, and integration (Bartlett & Ghoshal,1989) and thus lowers the demand for intra-MNEdigitization interdependence and interconnection.

A global strategy assumes more standardizationof products across national markets. Foreign sub-units are presumed interdependent, with headquar-ters focused on attaining integration between them(Prahalad & Doz, 1987). This strategy leverages aglobal economy of scale and opportunities to useinnovations developed at home. SAP Business One,an integrated ERP solution for global businessesand their foreign subsidiaries and suppliers world-wide, represents an example of a specific digitalarchitecture implementing this strategy. The appli-cation’s flexible and scalable core solution supportsexpansion and allows for future growth and inno-vation. This architecture offers a single code base tomeet legal and language requirements of countriesaround the world. In addition, all business func-tions come in one package, which makes them easy

to set up, optimize, and use. Integration with othersystems is simple and possible via certified standardintegration packages or open application program-ming interfaces. This kind of architecture helpsunder the global strategy, or higher global integra-tion orientation, since the MNE faces more cross-country risk forces, such as home- and host-countrytrade ties and geopolitics that affect digitalglobalization.A transnational strategy sits between the mul-

tidomestic and global ones (Prahalad & Doz, 1987).This hybrid strategy seeks to achieve both globalefficiency and local responsiveness and requires ashared vision and individual commitment throughan integrated yet flexible organizational network(Baaij & Slangen, 2013). MNE leaders adopting thisstrategy aim to fulfill two purposes: stimulatingintra-firm communication to avoid conflictsbetween integration and localization, and increas-ing flexibility and discretion to foreign subunits.Firms using the hybrid strategy must transferdistinctive competencies within the network, whileheeding pressures for local responsiveness (Bartlett& Ghoshal, 1989). These dual mandates cement theinformation-processing demands in a way thatforces the digitization design to satisfy variancesand contingencies, in which foreign subunits mustbe sufficiently differentiated to confront diversedemands, markets, and policy environments (Stur-geon, 2020). Competence building and globallearning do not reside in the home country alone,but can develop in any of the MNE’s worldwideoperations. Consequently, MNEs maintain the flowof skills and information in a multidirectionalfashion (i.e., from any unit to others), but theflexibility increases exposure to all digitalizationthreats previously identified. For example, risks ofinterdependence with global ecosystems will behigher when the multinational seeks local adapta-tion and differentiation, and, meanwhile, risks ofinterdependence with corporate members will behigher when it pursues global integration andstandardization. Therefore, we envision that MNEsadopting the transnational strategy will be moreexposed to the three types of digital dangers thanthose adopting either the global or the multido-mestic strategy.

Global EcosystemsToday, few MNEs or industries stand immune tothe influence of digital global platforms andecosystems (Li, Chen, Yi, Mao, & Liao, 2019;Nambisan et al., 2019; Stallkamp & Schotter,



2021). The unabated digitization that has occurredin many countries and industries imply that com-panies must view their offerings not just as stan-dalone entities but as part of a broader, connectedsystem. Moreover, these offerings increasinglycomprise digital assets that can be easily trans-ported across national and organizational bound-aries, and changed and recombined to cater to theneeds of a particular foreign market (Boudreau,2010; Nambisan et al., 2017). Meanwhile, data lie atthe core of an MNE’s digital platform and ecosys-tem strategy. When a platform has global reach,one assumes that data can be moved aroundnational borders, but this assumption becomesincreasingly questioned as governments in almostall parts of the world impose certain restrictions onhow, when, or to what extent companies cantransfer data across their borders (World Bank,2016). Such evidence shows the duality of bothrewards and risks behind global platforms andecosystems.

MNEs that depend more on global platforms andecosystems are expected to face greater needs forinformation processing. Firms that participate inmore diverse and intricate ecosystems may con-front larger digital risks. To start, these firms willencounter higher interdependence risks and conta-gion effects within the ecosystem. In a cross-cultural and cross-border setting, finding commonground and common values between an MNE andits partners may become more difficult (Bock,Opsahl, George, & Gann, 2011; Kano, 2018). Forexample, disparities in information-processing-re-lated policies between a company’s home countryand foreign ecosystem members may present acritical challenge when attempting to engage withpartners in digital innovation. When the ‘‘whoowns what’’ question cannot be clearly answered,leaders of firms could feel the need to narrow theirareas of direct engagement due to higher thanexpected digital risks.

Secondly, conflicts and coordination prove diffi-cult to manage within global ecosystems, whichtend to be loosely coupled (Nambisan et al., 2019).This reality prompts challenges for members, indi-vidually or collectively, in controlling digital risks.When cross-border differences in digitization envi-ronments are small, top managers may have thepossibility to adopt more direct coordination prac-tices. However, substantial differences may leadmanagers to wall-off their decision-making processand rely more on enhancing the visibility ofpartner activities rather than coordinating them.

In addition, firms more dependent on ecosystemsare subject to higher infrastructural and institu-tional threats related to digitization. Engagementwith broadened platforms demands a common setof rules and policies to minimize the possibility forone partner to derive undue advantage and lowerthe overall uncertainty in collaborative activities.Because of these reasons, we postulate that MNEsactively participating in more diverse and complexglobal platforms and ecosystems will be moreexposed to the three digital risks.

MANAGING DIGITAL RISKSManaging the threats from digital connectivitydemands information-processing capabilities. Theinformation-processing theory holds that the effec-tiveness of governing operations performed byvarious subunits in different locations lies in thematch between the information-processing needsand information-processing capabilities of the firm,manifested in information technologies and dili-gence as well as risk control mechanisms (Tushman& Nadler, 1978). Egelhoff (1991) documents thatthis match has significant implications for MNEsand that headquarters’ organizational monitoringand control forms a critical component of theinformation-processing capabilities. As we elabo-rate below, risk analytics, digital intelligence, riskcontrol, and collective actions are among the keyinformation-processing capabilities required formanaging digital risks.

Risk AnalyticsRisk analytics involves a set of qualitative andquantitative techniques used to identify and assesssources or factors that may jeopardize the success ofdigital activities. The analysis also helps to definepreventive measures to reduce the probability ofthese factors from occurring, as well as to identifycountermeasures to deal with these constraints.The information-processing theory integrates con-cepts of uncertainty and risks with information-processing mechanisms to assess the congruencebetween what is required for information process-ing and the firm’s preparedness to satisfy thisrequirement (Tushman & Nadler, 1978). Risk ana-lytics produces intelligence to help achieve theequivalence.Qualitative approaches use a substantial amount

of expert insight, judgmental inputs, and subjectiveanalysis. Executives from headquarters may dis-patch a team of specialists (such as from IT, global



supply chain, intellectual property rights, market-ing, or other) to work together with foreignsubsidiary specialists to identify and analyze thedigitization risk environment and offer potentialsolutions. MNE leaders can also evaluate risksthrough due diligence coordinated by a headquar-ters team composed of experts from related func-tions and areas (e.g., internal control, ICT, globalplanning, crisis management, and supply chain).

Through quantitative analytics, digital threatscan be tabulated and analyzed by integrated com-puter simulation, modeling, machine learning,data automation, complexity analytics, and AI,among others. Under this approach, managementemploys or creates sophisticated tools to monitorand analyze behavior and activities in real time andfor globally dispersed activities inside and outsideof the company. For instance, AI-based analyticsplatforms can manage global supply chain risks byintegrating varied information about suppliers,from their geographical and geopolitical environ-ments to their financial risk, sustainability, andcorporate social responsibility scores (Chinn et al.,2014). Similarly, AI systems can detect, monitor,and repel cyber attacks by identifying software withcertain distinguishing features – for example, atendency to consume a large amount of processingpower or transmit a large quantity of data – andthen closing down the attack. In the global financesector, machine learning has successfully detectedcredit card fraud for multinational banks (Chinnet al., 2014).7

While both qualitative and quantitative analyticsare needed in dealing with all digitization threats,we assume that the qualitative approach becomesmore important to address digital regulatory risk.Many governments have neither afforded a restric-tion-free open internet policy nor adequately pro-tected the privacy of internet users, becoming acritical impediment to the value of digital connec-tions (Potrafke, 2015; World Bank, 2016). Probingsuch institutional risks depends heavily on duediligence, on-the-field intelligence, and seasonedexpert input. In comparison, quantitative analyticsseems more relevant for evaluating cyber securityand interdependence risks. Global internetbreaches can disable a system infrastructure orpilfer confidential information, such as customercredit card numbers, social security numbers, andbusiness transactions (Gregory, Henfridsson, Kaga-ner, & Kyriakou, 2020). Quantitative analytics likedata science and AI-based risk stimulation can help

deeply diagnose the causes and effects of digitaldependence risk (Chinn et al., 2014).

Digital IntelligenceManaging digital risks requires not only investmentin digital technologies (e.g., bolster informationsecurity) but also sharpening corporate digitalintelligence in identifying, containing, controlling,and neutralizing these risks. We define digitalintelligence as the ability to capture opportunities,appropriate values, and alleviate risks throughdigital tools. More than just the ability to usedigital technologies (e.g., social, mobile, analytics,cloud, and cyber security) and risk analytics notedabove, this form of intelligence addresses the what,why, where, when, who, how, and how much ofdigital technology to improve operational effi-ciency, identify risk roots, and help design viablesolutions to mitigate digital hazards. Digital intel-ligence transcends connectivity technologies intovaluable information, real-time forecasts, and inter-firm and intra-firm sharing improvement, which inturn significantly helps managers make criticalbusiness decisions.Digital intelligence goes beyond risk analytics

teams. Instead, individual employees, subunits,leadership, and the organization as a whole needto possess this form of intelligence (Luo, 2021).Research suggests that a strong organizationalcommitment to digital intelligence, including byleadership, must exist to minimize the MNE’sglobal exposure to digital dangers and to handlethese hazards (Yoo, Boland, Lyytinen, & Majchrzak,2012). A firm that develops its own digital intelli-gence among its worldwide units can more easilyaddress digitization-enabled opportunities andthreats. This intelligence supports the managementof resource interdependence with other firms, thesafeguarding of information security, the identifi-cation of new global rivals, and the assessment ofinstitutional risks in both target country and else-where (Rangan & Sengul, 2009). Further, connec-tivity intelligence involves an MNE’s organizationalcapability in nurturing cross-border, inter-unit col-laboration, thus curtailing structural inertia andbureaucratic hurdles that could counteract riskmanagement and bolster network-based or ecosys-tem-specific advantages derived from global part-nerships (Boudreau, 2010; Breton-Miller & Miller,2015). Finally, digital intelligence is imperative tocurbing third-party risks, those associated withoutsourcing to third-party vendors or serviceproviders (Boudreau, 2010). Some reports hold that



this intelligence helps reduce an MNE’s vulnerabil-ities related to intellectual property, data, opera-tions, finances, customer information, or othersensitive information (Bruno & Shin, 2014).

Based on the information-processing theory, wesuggest that MNEs that properly align digitizationintelligence with the corporate elements exposed todigital risks perform better in global competitionthan those poorly aligning the two. Digital intelli-gence stands as an important enabler for organiza-tional resilience, risk and crisis management, andstrategic responses to uncertainties and adversities(Banalieva & Dhanaraj, 2019; Jean, Sinkovics, &Cavusgil, 2010). This acuteness helps the firmwithstand or rapidly recover from operationaldisruptions (including digital disruptions) or hard-ships that significantly impede its core businessesand global operations. Evidence shows that digitalintelligence allows the MNE to more easily identifythe alternatives, build responding processes andguidelines (e.g., business continuity planning), andprepare just-in-case scenarios (McKinsey, 2020). Forinstance, a digital intelligence structure strengthensthe multinational’s sensitivity to emerging threatsand underpins its swift mobilization of globalresources in the face of global uncertainty (Chinnet al.).8

Risk ControlWe define risk control as the set of methods bywhich firm leaders take action to maintain controlover third parties so as to reduce or eliminatepotential digital risks. Risk exposure will be con-tained if the firm exercises greater control ofvulnerable activities conducted by parties outsidethe MNE (Breton-Miller &Miller, 2015). These thirdparties are not only located in numerous countriesbut also vary in type, including global suppliers,distributors, open-source platforms, technologyvendors, industry designers, or R&D co-developers.Mainly, the firm must achieve the right level ofgovernance, both initially and perpetually, aroundsuch areas as security, business continuity, anddata. Also, MNE leaders need to reassess risk issuesover time, such as whether or not the firm shoulddepend on a single cloud provider, outsourcing acritical part of the customer journey to a singlethird party, or automation of core processes.

A number of MNEs (e.g., IBM, Cisco, and SAP)have already built global risk squads: cross-func-tional and cross-border teams formed from a varietyof different disciplines and business units respon-sible for advancing risk control over external

players. The importance of such exposure-riskcontrol has been validated in corporate finance(Bruno & Shin, 2014; Hazlehurst & Brouthers,2019). McKinsey (2020) reports that multinationalsthat are competent in exercising control overforeign suppliers and vendors with greater preci-sion and efficiency enabled by digital intelligenceperform significantly better than their globalcompetitors.

Collective ActionsAddressing digital risks necessitates collectiveactions by MNEs and other organizations that shareinterests in dealing with the common threats, suchas digital regulatory complexity risk and cybersecurity risk. Improving physical and institutionaldigital infrastructure rests on the shoulders of bothgovernments and private sectors (including MNEs),as well as other players such as internationaleconomic organizations and industrial associations(Chen, Shaheer, & Li, 2019; UNCTAD, 2015).Hence, the nature of digital risks compels cross-country, cross-border cooperation. Individual gov-ernments need to foster contributions by andcollaboration with private sectors, including thosefrom foreign countries, promoting a sustainable,pro-business digital infrastructure within which theprivate sector can flourish. Governments shouldalso set clearer rules around online content, elec-tion integrity, privacy, and data portability, as wellas create a pro-competition and transparent policysetting that helps drive investment and innovationin digital infrastructure and activities (World Bank,2016). Creative solutions, like co-investment viapublic–private partnerships, should be facilitatedfor this purpose. In fact, governments themselvesneed to innovate their own digital infrastructure,shifting more administrative and public services toonline and mobile phones. Research shows thatdigital connectivity offers noticeable advantages interms of administrative efficiency, resilience, andubiquity of access for all citizens (Friedman, 2007;Sacks, 2020).MNEs themselves undoubtedly act as critical

players for improving digital technologies in theirrole as digital enablers. Firms also serve to linkforeign economies with the outside world throughvarious activities. One form includes working withhost-country governments on digital openness formore efficient flows of production factors withintheir globally coordinated networks, in turn betterleveraging a host-country’s comparative advantages(Sacks, 2020). MNEs can also work with each other



to meet market demands for digital products andservices. Moreover, improving institutional infras-tructure for digitization strongly depends on thecountry’s development in science, education, andinnovation, areas in which MNEs may activelyhelp, such as through investment in scientificresearch and human capital development (EIU,2014). Also, executives of multinationals can, andshould, work together with host-country govern-ments to encourage, support, and safeguard intel-lectual property rights to encourage enterprises tomake large outlays in digital technology R&Dactivities.9 As new digitization-related industriesor services emerge, MNEs can help host-countrygovernments establish technical and quality stan-dards for the focal industries and related or sup-porting industries.

A digital environment (both technological andinstitutional) is still evolving in virtually alleconomies, meaning that it is not yet exogenousto international business. This trait opens opportu-nities for MNEs to reshape both institutional andphysical attributes of digital environments,through their technological contributions and pol-icy influences, in a way that nurtures the growth ofall businesses, as suggested by UNCTAD (2015).Also, the above collective actions help to harmo-nize some essential standards for digital globaliza-tion (e.g., technology norms like 5G, taxation codefor digital platforms, information protection pro-tocols), thus easing information processing indealing with regulatory and technological incom-patibilities in different countries and stimulatingthe long-term growth of MNEs. Lastly, multina-tional firms are stakeholders in wider industrial,economic, and social systems. Solutions that solvefor an individual company at the expense of orneglecting the interests of others will create mis-trust and damage the business in the longer term(Turkina & Van Assche, 2018; Verbeke & Grei-danus, 2009). Conversely, support to customers,partners, and societal systems in a time of drasticdisruptions can potentially create lasting goodwilland trust. A key element of dealing with economicstress is to live our values precisely when we aremost likely to forget them.

The fit between the information-processing capa-bilities explained above (risk analytics, digitalintelligence, risk control, and collective actions)and the information-processing requirements dis-cussed earlier has performance consequences.Indeed, the information-processing theory holdsthat this fit bears performance implications

(Tushman & Nadler, 1978). MNEs can be moreresilient to environmental disruptions when theyare equipped with information-processing capabil-ities that meet the demands of information-pro-cessing requirements (Williams, Gruber, Sutcliffe,Shepherd, & Zhao, 2017). In the digital globaliza-tion context, matching needs with capabilities canresult in improvement in strategic resilience, trans-action cost saving, and internationalization advan-tages. The aptitude helps firm leaders reach anoptimized balance between where they need toinvest and what they may achieve, or betweenwhere risk exposures occur and how to curtailthem. Egelhoff (1991) suggests, too, that the fitboosts transaction cost saving because it optimizesneeded investment for information processing thatis scalable and transferable across countries inwhich the MNE operates. Similarly, Rugman andVerbeke (2003) document that the capability todevelop optimal internal coordination and controlmechanisms, taking into account cost and benefitcongruence, is an essential, firm-specific compe-tence leading to internalization advantages. Suchoptimal coordination and congruence arise whenthe above fit occurs. Table 1 highlights firmvariance in risk exposure and risk management aswell as performance implications, all anchored inthe information-processing logic.

DISCUSSIONDigitization symbolizes the fourth industrial revo-lution. While digital connectivity may vary acrosscountries, industries, and businesses, and maychange due to disruptions in global geopolitics,public health crises, and world economy slow-downs, engagement in this form of network con-nections unquestionably continues and evenstrengthens. MNEs are both enablers and beneficia-ries of such connectivity, changing the essence ofinternational business. To a large extent, digitalconnections are country (or location) agnosticsince they can be made available (and used) acrossnational boundaries with lower costs incurred thanthrough traditional IB connections (Friedman,2007; Grossman & Helpman, 2015). This qualityallows companies to market their digitally-enabledproducts and services globally with ease. Further,digital technologies and intelligence are generative,or easily modified and combined with other tech-nologies – by companies other than those thatcreated them in the first place – to deliver newersets of capabilities (Jacobides, Cennamo, & Gawer,



Table 1 Managing digital risks in IB: configurations and propositions

Information processing logic Exposure to digital risks (information-processing requirements)

Task characteristics such as information intensity determines

information-processing needs

A: MNEs with higher information and data intensity will be exposed

more to digital risks, especially cyber security risk and regulatory

complexity risk

B: MNEs with higher information and data intensity will more strongly

need to decipher intra- and cross-country risk items

Task complexity and uncertainty determines information-

processing demands

A: MNEs with higher geographic diversity will be exposed more to

digital risks, including interdependence risk, cyber security risk, and

regulatory complexity risk

B: MNEs with higher geographic diversity will more strongly need to

diagnose intra- and cross-country risk items

Task interdependence among subunits and adaptation

pressure heighten information-processing requirements

A: MNEs adopting transnational strategy will be exposed more to all

three digital risks than those adopting multi-domestic or global strategy

B: MNEs with higher global integration will more strongly need to assess

cross-country risk items, while MNEs with higher local adaptation will

more strongly need to assess within-country risk items

Task dependence on and connectivity with other firms

accentuate information-processing needs

A: MNEs depending more on global platforms and ecosystems will be

exposed more to digital risks, especially interdependence risk and cyber

security risk

B: MNEs depending more on global platforms and ecosystems will more

strongly need to assess intra- and cross-country risk items

Managing digital risks (information-processing capabilities)

Firms need to build information-processing

capabilities to meet information-processing

requirements

A: Risk analytics, digital intelligence, risk control, and collective actions are among

the key information-processing capabilities needed to manage digital risks for

international business

B: These capabilities are deployed to assess, contain, and mitigate uncertainty,

complexity, and risks associated with digital globalization

Information processing capabilities must fit

with information-processing demands

for organizing effectiveness

A: MNEs exposed more to institutional risk will need to focus more on qualitative

risk analytics while those exposed more to information security risk and

interdependence risk will focus more on both quantitative and qualitative risk

analytics

B: Improved risk analytics is essential to satisfy increased information-processing

requirements, particularly those caused by information and data intensity,

geographic diversity, and global platform participation

Information technologies and intelligence are

among critical capabilities to process information

A: MNEs exposed more to interdependence risk and cyber security risk will more

greatly need digital intelligence

B: Improved digital intelligence is essential to satisfy increased information-

processing requirements, heightened by information or data intensity,

geographic diversity, transnational strategy, and global platform participation

The fit between information-processing

needs and capabilities is an orchestrated effort,

and control is a critical capability of this kind

A: MNEs exposed more to interdependence risk and cyber security risk will more

greatly need control over third parties

B: Improved risk control is essential to satisfy increased information-processing

requirements, particularly those escalated by geographic diversity,

transnational strategy, and global platform participation

Managing task and institutional environment

complexity and uncertainty needs some

joint actions by all members facing them

A: MNEs exposed more to regulatory complexity risk and interdependence risk

will need more emphasis on collective actions by MNEs facing the same

environment

B: Improved collective actions are imperative to satisfy increased information-

processing requirements, particularly those fortified by global platform

participation and geographic diversity

The information-processing needs–capability

fit fosters firm performance

The fit between information-processing requirements and information-

processing capabilities and between digital risk types and these requirements or

capabilities ameliorate MNE performance in organizational resilience, transaction

cost reduction, and internalization advantages



2018; Nambisan et al., 2017). Such generativity,resulting from their openness and re-combinability,allows for rapidly refashioning the value proposi-tion of products, services, and business models tofit both globalized and localized needs.

However, digital connectivity, as a new contextfor both established and emerging internationalfirms, also presents enormous risks. While werecognize the proliferation of research addressingthe benefits of digitization, we observe that thefield remains largely silent on the dark side of thisprevalent issue. Digital connectivity makes manyfirms more dependent on others, and thus subjectto more contagion effects from all threats facingthem and others. The impact of external shocksbecomes magnified in a more digitally intercon-nected world, and ripple effects spread faster. Forinstance, digital connectivity makes global reputa-tion maintenance and crisis management immen-sely critical, intricate, and sensitive. Contagioneffects that jeopardize an MNE’s worldwide reputa-tion are multiplied through social media and otherconnectivity channels. In assessing the overallenvironment, many conclude that the future suc-cess of MNEs lies not in whether they invest, adopt,and participate in digital connectivity but in howthey harness digitization-enabled new opportuni-ties while circumventing digitization-cased newrisks associated with global operations (Potrafke,2015; Rangan & Sengul, 2009; World Bank, 2016).

We enrich research on IB risks in several ways. Tostart with, we illustrate new forms of digital dangersin international business. This contribution maybroaden our understanding of IB risks and affords afuller picture of both rewards and risks of digitalglobalization. We reveal that digital threats occurin multiple forms, including as interdependencerisk, information security risk, and regulatory com-plexity risk. Underlying these challenges are geopo-litical, economic, technological, sociocultural, andlegal forces that jointly come into play in not justan individual target country (national level) butacross countries (supranational level). We showhow MNE executives can examine within-countryrisk items specific to a foreign target country (e.g.,regulatory, social, economic, and infrastructuralitems), as well as cross-country risk items that areeffectuated across countries (e.g., global geopolitics,home-/host-country relations, internationalevents, and terrorism and cyber attacks).

We offer an information-processing frameworktoward digital risks. The information-processingtheory describes organizations as information-

processing systems whose basic function is to createthe most appropriate configuration of work units(as well as the linkages between these units) tofacilitate the effective collection, processing, anddistribution of information (Tushman & Nadler,1978). We apply this theory to stress the impor-tance of aligning, or creating a fit between, infor-mation-processing requirements deriving fromdigital risk exposure and the information-process-ing capabilities through which to manage theserisks. Meanwhile, we extend this theory by empha-sizing two other fits: between digital risk type andinformation-processing needs, and between digitalrisk type and information-processing mechanisms.This notion of fit is in accordance with not only thetransaction cost logic (minimizing information-processing cost) but also the internalization logic(improved monitoring of interconnected tasksexposed to digital risks). It follows that these fitsor alignments may have strong performance impli-cations for organizational resilience, transactioncost saving, and internalization advantages, whichconcurs with the dominant logic of internalizationtheory (e.g., Rugman & Verbeke, 2003). While thesepoints remain in need of empirical validation, theinformation-processing theory assumes that orga-nizing and governing various subunits will becomemore effective, and make the MNE more resilientwhen information-processing needs match infor-mation-processing capabilities in a complex andrisky environment.We depict this theory as a proper guide as it

allows us to specify MNEs that vary in theirinternational strategies and in their exposure torisks. Firm-specific traits, such as informationintensity, geographic diversity, international strat-egy, and platform participation, significantly shapethe firm’s susceptibility to digital risks. Demystify-ing risk types also permits us to look at configura-tions between these global traits and specificthreats. For instance, we suggest that, when geo-graphic diversity increases, information securityrisk and regulatory complexity risk are amplified. Inthe context of platform technology, the nature of,or the way of participating in and interacting with,global platforms and ecosystems carries disparaterisk implications. MNEs depending more on globalplatforms and ecosystems are more exposed todigital risks. If such platforms and ecosystems carrymore diversity in cultural backgrounds, strategicobjectives, global experiences, and collaborationhistory, this risk exposure becomes further aggra-vated. Also, we point out that MNEs with higher



flexibility in their own global supply and produc-tion systems will rely less on ecosystems, hence beless exposed to digital hazards, notably, interde-pendence risk and cyber security risk.

In addition, we consider actions that MNE lead-ers need to take, detailing risk assessment and riskmanagement approaches. We offer a set of actionsrelating to risk analytics, digital intelligence, riskcontrol, and collective actions essential for manag-ing digital risks. Importantly, digital intelligencetransforms digital technologies into valuable infor-mation, real-time forecasts, operational decision-making, and inter-firm and intra-firm sharing,which in turn significantly help to streamlineglobal operations without taking undue risks. Tocontain threats from connectivity, MNEs must beable to exert control over third parties in keyfunctions or businesses that are vulnerable to theserisks, calling for further actions to build global risksquads comprised of cross-functional and cross-border team members responsible for managingboth the technical and managerial aspects of thestated risks. We advocate for collective actions –working together with other MNEs and local firmsand with home- and host-country governments –to ameliorate digital infrastructure (physical andinstitutional) challenges and boost business conti-nuity and country competitiveness. The logic ofcooperation between MNEs and governments (e.g.,Luo, 2001) applies well to the improvement of thedigital globalization environment.

Finally, we point out the importance of congru-ence between digital risks, firm exposure, and riskmanagement capabilities. As explained, MNEs varyin their exposure to these risks but also vary in theability to manage them. Some MNEs can enduremore digital risks as long as they are equipped withtechnological and organizational competenciesthat are sufficient to suppress the risks. We arguethat MNEs with better alignment of the digital risksthat they face with both information-processingrequirements (e.g., information intensity, geo-graphic diversity, and type of international strat-egy) and information-processing capabilities (e.g.,digital intelligence, risk analytics, and risk control)can perform better in strategic resilience, transac-tion cost saving, and internalization advantages.

FUTURE RESEARCHOver the past decades, digital globalization hasspawned research on the competitive advantages ofdigital connectivity. However, in combination with

other credible threats, such as new geopolitics, de-globalization sentiment, public health crises, andglobal supply chain breakdowns, digital risks are onthe perpetual rise. IB research has not yet ade-quately attended to this reality. We view thedangers arising from digital connections as a new,yet increasingly critical, type of IB risk, and offerour suggestions for future research, which in partaddresses this study’s limitations.First, we submit a logic of alignment between

digital risk processing and digital risk managingcapabilities. Yet, another important alignmentexists: the fit between digitization opportunitiesand risks. In general, executives may be willing totake more digital risks if they foresee more oppor-tunities or more gains from digital globalizationpursuits, a typical risk–return positivity assumption(Bowman, 1980; Miller, 1998). The prospect theoryadds additional insights by including firm-specificreference dependence (Kahneman & Tversky,1979). That is, faced with a risky choice leading togains, parties are risk-averse, preferring solutionsthat lead to a lower expected utility but with ahigher certainty (concave value function). How-ever, when faced with a risky choice leading tolosses, they are risk-seeking, preferring solutionsthat lead to a lower expected utility as long as it hasthe potential to avoid losses (convex value func-tion). In particular, executives may underestimatemerely probable outcomes in comparison toassured outcomes. Per this theory, parties attributeexcessive weight to events with low probability andinsufficient weight to events with high probability.Leaders of MNEs that are newer or less experiencedin digital globalization seem to have a higherpropensity to follow this risk attitude or preference.Future research that specifies the opportunity–riskalignment would need to consider this prospectlogic along with firm-specific digital intelligence,experience, and risk-managing capabilities in deal-ing with both general/global and country-specificdigital risks and disruptions.Second, an MNE’s digital risk managing system is

composed of not only corporate or regional head-quarters which orchestrates the system to executethe digital strategies but also foreign subsidiaries,scattered in various countries where digitizationinfrastructures vastly diverge. These subsidiaries arethe main entities actually exposed to both thewithin-country and cross-country risk items notedabove. They are also situated in key nodes of intra-MNE and inter-MNE boundaries spanning globaloperations (Song & Shin, 2008; Turkina & Van



Assche, 2018), thus holding a central and frontierposition in dealing with the identified risks. Asfuture research embraces people and processes inanalyzing digital global connectivity, these sub-sidiary roles warrant attention in their co-design-ing, executing, and revamping of an MNE’s digitalarchitecture that is both globally synchronized (toensure global compliance and control) and locallydifferentiated (to nourish national adaptation).Another valuable quest lies in unifying the litera-ture of parent–subsidiary links with digitization riskmanagement. This literature speaks clearly of vary-ing strategic roles played by various subsidiaries incross-border knowledge flows, innovation contri-bution, resource deployment, and global integra-tion (e.g., Birkinshaw, Morrison, & Hulland, 1995;Kogut & Zander, 1993). Many such activities areundertaken digitally, thus widely exposed to digitalrisks. What it takes to motivate subsidiaries tocontribute to the MNE’s total solution to thebalancing act between digital connectivity oppor-tunities and digital risk mitigation merits furtherexploration.

Third, our framework does not specify how MNEsshould improve their organizational design (e.g.,structure, power delegation) to satisfy the fitbetween information-processing requirements andinformation-processing capabilities. This matchcalls for structural or behavioral support or adjust-ment, allowing the corresponding requirementsand capabilities to create more sustained valuesfor the organization (Daft, 1992). Future researchshould proceed further from our framework toexamine how an MNE’s organizational designevolves in the digital era to achieve the neededfit. That is, future research needs to consider thisalignment as one of the key drivers or guides fororganizational change and evolutions.

Lastly, as global environments become moreuncertain, disrupted, and contentious (Sacks,2020), MNE leaders face increasing pressure tosimultaneously satisfy competing ends and balanceincompatible and even contradictory forces, com-pelling them to be more ambidextrous in multiplefashions (Gibson & Birkinshaw, 2004). Managingdigital risks also demands such ambidexterity. Wehave already alluded to an MNE’s need to balanceglobal compliance and local differentiation, as wellas digitally-enabled opportunities and involvedrisks. Yet, required ambidexterity in this settingalso extends to flexibility and efficiency, collabora-tion and control, and stability and adaptability, inaddition to open innovation and intellectual

(including digital know-how) protection. In fact,we envision that an MNE’s digitization architectureitself (digital technologies, intelligence, and pro-cesses) creates an important internal platform thatfosters the firm’s ambidexterity. Unlike other orga-nizational control architectures, the digital oneaffords more discretion to front-line units (thusflexibility) while easing orchestration (thus effi-ciency), and endows more complementarity ofinternal and external resources through ecosystemsharing (Li et al., 2019; Nambisan et al., 2019).More research is merited to delve into how digiti-zation architecture works in nurturing an MNE’scross-border, boundary spanning activities withinan organization, between organizations, andbetween the organization and environments, inturn bolstering its strategic resilience.

CONCLUSIONDigital global connectivity embodies a dominantfeature of the new era of international business andacts as a critical catalyst to address rising uncer-tainties. However, digitization itself carries a myr-iad of risks, a pivotal issue for global operations,and yet one that has received little attention,theoretically or empirically. Managing risks consti-tutes one of the central issues in internationalbusiness, but has long been based on assumptionsof tangible, often heavy barriers involved withflows of physical goods, services, investments, andcapital, rather than intangible, dwindled barriersassociated with instant flows of ideas, data, andknowledge. Nested within the information-process-ing logic, this article presents a general frameworkthat describes types of digital risks in IB, explainswithin-country and cross-country items that drivethese risks, and specifies divergence of MNEs inlevels of exposure to the threats, since they differ intheir dependence on and susceptibility to digitiza-tion disruptions that affect global activities. Fol-lowing this reasoning, we propose that an MNE’sinformation intensity, geographic diversity, choiceof international strategy, and flexibility of ecosys-tem participation bear strong repercussions on itsrisk exposure and risk management. Finally, thisframework offers a unique view toward essentialactions needed by MNEs, individually and collec-tively, to circumvent digital risks, emphasizing theimportance and process of building, deploying, andharnessing digital intelligence in the simultaneouspursuit of local adaptation, transnational resilience,



and global orchestration for cross-border activitiesthat prevalently become digitally underpinned.

ACKNOWLEDGEMENTSThe author appreciates Professor Alain Verbeke andthe three anonymous reviewers for providing insight-ful comments and excellent suggestions.

NOTES

1Other less primary connectivity-related risksmay exist. For instance, global reputation risk couldbe amplified due to digitization. Contagion effectsthat jeopardize the MNE’s worldwide reputationdue to corporate or executive wrongdoing multiplythrough social media. In a digitally connectedworld, even menial misconducts, if repeated, canlead to a downfall. The demise of a few can engulf awhole industry when the transactions are based ontrust in the fulfilment of future promises.

2The globalization of financial systems and theacceleration of information transmission haveincreased the risk of financial crises, as a crisis inone country can spread to others and lead toworldwide urgency. The US-China trade war makessuch interdependence risks even greater. Globalsupply chain redesigning and relocation becomemore costly and cumbersome for both US compa-nies (who have a significant portion of their supplychain in China) and Chinese firms (who depend onmany US-based, high-tech components such aschips).

3A study reported by Fortune (January 23, 2015)estimates that cyber crime costs the global econ-omy some $400 billion in annual losses, which caninclude consumer data breaches, financial crimes,market manipulation, and theft of intellectualproperty.

4The institutional environment for digital globalconnectivity is comprised of numerous playersaside from national governments. Some suprana-tional agencies (e.g., International Telecommuni-cation Union) are also key players, affecting thedigital infrastructure of MNEs.

5Many multinationals suffer from this systemdiscrepancy as the US government imposes bans onthe sale of semiconductors to Chinese telecoms andon American companies using Chinese-madeequipment in critical networks. Several US allies,including Australia, Canada, and Japan, have fol-lowed suit, blocking local firms from using Hua-wei’s technology in the development of theircountry’s 5G network.

6After Brexit, for instance, companies in theUnited Kingdom may pay more in complying withthe European Union’s General Data ProtectionRegulation, while EU companies face higher cross-border taxation and administrative burden in theUK when conducting digital commerce.

7These big banks use systems that have beenprogrammed on historical payments data to mon-itor potentially fraudulent activity and block sus-picious transactions. Financial institutions also useautomated systems to monitor their traders bylinking trading information with other behavioralinformation, such as e-mail traffic, calendar items,office building check-in and check-out times, andeven telephone calls.

8For example, Johnson & Johnson’s digital intel-ligence has played a critical role during the Covid-19 health crisis. J&J uses product flow visualizationand risk analysis tools to get foreign supplies to itsmanufacturing plants through alternative paths.The company also uses simulation tools to increasemanufacturing capacity, smart glass technology tohelp quality experts work remotely, global collab-oration tools to use real-time data for researchersworking on a vaccine, and digital interactions toenable healthcare professionals around the world.

9IBM has long done so in China, for example. TheIBM Research China Center has emphasized inno-vation in the areas of cognitive credit risk analysis,cognitive compliance, and blockchain services andsolutions. The activity not only helps China’sFinTech (i.e., financial services fueled by newtechnologies in blockchain, cognitive computing,mobile, and cloud) but also assists in transformingfinancial services around the world.

REFERENCESAdner, R., & Kapoor, R. 2010. Value creation in innovationecosystems: How the structure of technological interdepen-dence affects firm performance in new technology genera-tions. Strategic Management Journal, 31(3): 306–333.

Baaij, M. G., & Slangen, A. H. 2013. The role of headquarters-subsidiary geographic distance in strategic decisions byspatially disaggregated headquarters. Journal of InternationalBusiness Studies, 44(9): 941–952.



Banalieva, E., & Dhanaraj, C. 2019. Internalization theory for thedigital economy. Journal of International Business Studies,50(8): 1372–1387.

Bartlett, C. A., & Ghoshal, S. 1989. Managing across borders.Boston, MA: Harvard Business School Press.

Benito, G., Petersen, B., & Welch, L. 2019. The global valuechain and internalization theory. Journal of InternationalBusiness Studies, 50: 1414–1423.

Birkinshaw, J., Morrison, A., & Hulland, J. 1995. Structural andcompetitive determinants of a global integration strategy.Strategic Management Journal, 16: 637–655.

Bock, A. J., Opsahl, T., George, G., & Gann, D. M. 2011. Theeffects of culture and structure on strategic flexibility duringbusiness model innovation. Journal of Management Studies,49(2): 279–305.

Boudreau, K. 2010. Open platform strategies and innovation:Granting access vs. devolving control. Management Science,56(10): 1849–1872.

Bowman, E. H. 1980. A risk-return paradox for strategicmanagement. Sloan Management Review , 1980: 17–31.

Breton-Miller, I., & Miller, D. 2015. The paradox of resourcevulnerability: Considerations for organizational curatorship.Strategic Management Journal, 36(3): 397–415.

Bruno, V., & Shin, H. 2014. Globalization of corporate risktaking. Journal of International Business Studies, 45: 800–820.

Buckley, P., & Strange, R. 2015. The governance of the globalfactory: Location and control of world economic activity.Academy of Management Perspectives, 29(2): 237–249.

Cantwell, J. A. 2009. Innovation and information technology inthe MNE. In A. M. Rugman (Ed.), The Oxford handbook ofinternational business (2 ed.). Oxford: Oxford University Press.

Chen, L., Shaheer, N., Yi, J., & Li, S. 2019. The internationalpenetration of ibusiness firms: Network effects, liabilities ofoutsidership and country clout. Journal of International BusinessStudies, 50: 172–192.

Chinn, D., Kaplan, J. & Weinberg, A. 2014. Risk and responsibilityin a hyper-connected world: Implications for enterprises. McKin-sey & Company and the World Economic Forum, January,2014.

Daft, R. 1992. Organization theory and design. St. Paul, MN:West Publishing.

Dellestrand, H., & Kappen, P. 2012. The effects of spatial andcontextual factors on headquarters resource allocation to MNEsubsidiaries. Journal of International Business Studies, 43(3):219–243.

Egelhoff, W. G. 1982. Strategy and structure in multinationalcorporations: An information processing approach. Adminis-trative Science Quarterly, 27(3): 435–458.

Egelhoff, W. G. 1991. Information processing theory and themultinational enterprise. Journal of International Business Stud-ies, 22(3): 341–368.

EIU (Economist Intelligence Unit). 2014. Networked manufactur-ing: The digital future. April 2014.

Friedman, T. L. 2007. The world is flat 3.0: A brief history of thetwenty-first century. Surrey: Picador.

Gibson, C. B., & Birkinshaw, J. 2004. The antecedents, conse-quences, and mediating role of organizational ambidexterity.Academy of Management Journal, 47: 209–226.

Gregory, R., Henfridsson, O., Kaganer, E., & Kyriakou, H. 2020.The role of artificial intelligence and data network effects forcreating user value. Academy of Management Review.. https://doi.org/10.5465/amr.2019.0178.

Grossman, G., & Helpman, E. 2015. Globalization and growth.American Economic Review, 105(5): 100–104.

Hazlehurst, C., & Brouthers, K. D. 2019. IB and strategy researchon ‘‘new’’ information and communication technologies:Guidance for future research. In R. Van Tulder, A. Verbeke,& L. Piscitello (Eds.), International business in the informationand digital ageLondon: Emerald.

Hennart, J. F. 2019. Digitalized service multinationals andinternational business theory. Journal of International BusinessStudies, 50: 1388–1400.

Jacobides, M. G., Cennamo, C., & Gawer, A. 2018. Towards atheory of ecosystems. Strategic Management Journal, 39(8):2255–2276.

Jean, R.-J., Sinkovics, R., & Cavusgil, S. T. 2010. Enhancinginternational customer–supplier relationships through ITresources: A study of Taiwanese electronics suppliers. Journalof International Business Studies, 41: 1218–1239.

Kahneman, D., & Tversky, A. 1979. Prospect theory: An analysisof decision under risk. Econometrica, 47(2): 263–281.

Kano, L. 2018. Global value chain governance: A relationalperspective. Journal of International Business Studies, 49:684–705.

Kano, L., Tsang, E. W. K., & Yeung, H. W. 2020. Global valuechains: A review of the multi-disciplinary literature. Journal ofInternational Business Studies, 51: 577–622.

Kshetri, N. 2005. Pattern of global cyber war and crime: Aconceptual framework. Journal of International Management,11(4): 541–562.

Kogut, B., & Zander, U. 1993. Knowledge of the firm and theevolutionary theory of the multinational corporation. Journalof International Business Studies, 24(4): 625–645.

Li, J., Chen, L., Yi, J., Mao, J., & Liao, J. 2019. Ecosystem-specificadvantages in international digital commerce. Journal ofInternational Business Studies, 50(9): 1448–1463.

Luo, Y. 2001. Toward a cooperative view of MNC-host govern-ment relations. Building blocks and performance implications.Journal of International Business Studies, 32: 401–419.

Luo, Y. 2021. New OLI advantages in digital globalization.International Business Review, 30(2): 101797.

Manyika, J., Lund, S., Bughin, J., Woetzel, J., Stamenov, K., &Dhringra, D. 2016. Digital globalization: The new era of globalflows. McKinsey Global Institute.

McKinsey 2020. Risk, resilience, and rebalancing in global valuechains. New York: McKinsey Global Institute.

Miller, K. D. 1992. A framework for integrated risk managementin international business. Journal of International BusinessStudies, 23(2): 311–331.

Miller, K. D. 1998. Economic exposure and integrated riskmanagement. Strategic Management Journal, 19: 497–514.

Monaghan, S., Tippmann, E., & Coviello, N. 2020. Born digitals:Thoughts on their internationalization and a research agenda.Journal of International Business Studies, 51(1): 11–22.

Nambisan, S., Lyytinen, K. J., Majchrzak, A., & Song, M. (2017).Digital innovation management: Reinventing innovation man-agement research in a digital world. MIS Quarterly, 4(1),223–238.

Nambisan, S., Zahra, S., & Luo, Y. 2019. Global platforms andecosystems: Implications for international business theories.Journal of International Business Studies, 50(9): 1464–1486.

Oxley, J., & Yeung, B. 2001. E-commerce readiness: Institutionalenvironment and international competitiveness. Journal ofInternational Business Studies, 32: 705–723.

Potrafke, N. 2015. The evidence on globalization. World Econ-omy, 38(3): 509–552.

Prahalad, C. K., & Doz, Y. 1987. The multinational mission:Balancing local demands and global vision. New York: FreePress.

Rangan, S., & Sengul, M. 2009. Information technology andtransnational integration: Theory and evidence on the evolu-tion of the modern multinational enterprise. Journal ofInternational Business Studies, 40(9): 1496–1514.

Rugman, A. M. (2009). The oxford handbook of internationalbusiness (2nd ed.). Oxford, UK: Oxford UniversityPress.

Rugman, A. M., & Verbeke, A. 2003. Extending the theory ofmultinational enterprise: Internalization and strategic man-agement perspectives. Journal of International Business Studies,34(2): 125–137.



http://dx.doi.org/10.5465/amr.2019.0178

http://dx.doi.org/10.5465/amr.2019.0178

Sacks, J. 2020. The ages of globalization: Geography, technologyand institutions. New York: Columbia University Press.

Song, J., & Shin, J. 2008. The paradox of technologicalcapabilities: A study of knowledge sourcing from host coun-tries of overseas R&D operations. Journal of InternationalBusiness Studies, 39(2): 291–303.

Stallkamp, M., & Schotter, A. P. J. 2021. Platforms withoutborders? The international strategies of digital platform firms.Global Strategy Journal, 11(1): 58–80.

Sturgeon, T. (2020). Upgrading strategies for the digitaleconomy. Global Strategy Journal, In press.

Tallman, S., Luo, Y., & Buckley, P. 2018. Business models inglobal competition. Global Strategy Journal, 8(4): 517–535.

Tong, T., & Reuer, J. 2007. Real options in multinationalcorporations: Organizational challenges and risk implications.Journal of International Business Studies, 38: 215–230.

Turkina, E., & Van Assche, A. 2018. Global connectedness andlocal innovation in industrial clusters. Journal of InternationalBusiness Studies, 49: 706–728.

Tushman, M. L., & Nadler, D. A. 1978. Information processingas an integrating concept in organizational design. Academy ofManagement Review, 3: 613–624.

UNCTAD. 2013. Global value chains and development: Investmentand value added trade in the global economy. Geneva,Switzerland.

UNCTAD. 2015. Information economy report: Unlocking thepotential of E-commerce for developing countries. Geneva,Switzerland.

van Tulder, R., Verbeke, A., & Piscitello, L. 2019. Internationalbusiness in the information and digital age. London: Emerald.

Verbeke, A., & Greidanus, N. S. 2009. The end of theopportunism vs trust debate: Bounded reliability as a new

envelope concept in research on MNE governance. Journal ofInternational Business Studies, 40(9): 1471–1495.

Werner, S., Brouthers, L., & Bouthers, K. 1996. International riskand perceived environmental uncertainty: The dimensionalityand internal consistency of Miller’s measure. Journal ofInternational Business Studies, 27: 571–587.

Williams, T. A., Gruber, D. A., Sutcliffe, K. M., Shepherd, D. A., &Zhao, E. 2017. Organizational response to adversity: Fusingcrisis management and resilience research streams. Academy ofManagement Annals, 11(2): 733–769.

World Bank. 2016. World Development Report 2016: Digitaldividends. Washington DC, United States.

Yoo, Y., Boland, R., Lyytinen, K., & Majchrzak, A. 2012.Organizing for innovation in the digitized world. OrganizationScience, 23(5): 1213–1522.

ABOUT THE AUTHORYadong Luo is the Emery M. Findley DistinguishedChair and Professor of Management at MiamiHerbert Business School, University of Miami. Hisresearch interests include global strategy, interna-tional management, and emerging economybusinesses.

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutionalaffiliations.

Accepted by Alain Verbeke, Editor-in-Chief, 10 April 2021. This article has been with the author for one revision.



a general framework of digitization risks in international business · 2021. 5. 27. ·...

Documents