This study investigates the challenges boards of directors face in providing effective cybersecurity oversight. Drawing on in-depth interviews with 35 board members and cybersecurity experts, the paper identifies four core challenges and proposes ten specific actions boards can take to improve their governance and risk management capabilities.

Problem Corporate boards are increasingly held responsible for cybersecurity governance, yet they are often ill-equipped to handle this complex and rapidly evolving area. This gap between responsibility and expertise creates significant risk for organizations, as boards may struggle to ask the right questions, properly assess risk, and provide meaningful oversight.

Outcome - The study identified four primary challenges for boards: 1) inconsistent attitudes and governance approaches, 2) ineffective interaction dynamics with executives like the CISO, 3) a lack of sufficient cybersecurity expertise, and 4) navigating expanding and complex regulations.
- Boards must acknowledge that cybersecurity is an enterprise-wide operational risk, not just an IT issue, and gauge their organization's cybersecurity maturity against industry peers.
- Board members should focus on the business implications of cyber threats rather than technical details and must demand clear, jargon-free communication from executives.
- To address expertise gaps, boards should determine their need for expert advisors and actively seek training, such as tabletop cyberattack simulations.
- Boards must understand that regulatory compliance does not guarantee sufficient security and should guide the organization to balance compliance with proactive risk mitigation.

This study examines how established firms can successfully partner with Artificial Intelligence (AI) startups to foster innovation. Based on an in-depth analysis of six real-world AI implementation projects across two startups, the research identifies five key challenges and provides corresponding recommendations for navigating these collaborations effectively.

Problem Established companies often lack the specialized expertise needed to leverage AI technologies, leading them to partner with startups. However, these collaborations introduce unique difficulties, such as assessing a startup's true capabilities, identifying high-impact AI applications, aligning commercial interests, and managing organizational change, which can derail innovation efforts.

Outcome - Challenge 1: Finding the right AI startup. Firms should overcome the inscrutability of AI startups by assessing credible quality signals, such as investor backing, academic achievements of staff, and success in prior contests, rather than relying solely on product demos.
- Challenge 2: Identifying the right AI use case. Instead of focusing on data availability, companies should collaborate with startups in workshops to identify use cases with the highest potential for value creation and business impact.
- Challenge 3: Agreeing on commercial terms. To align incentives and reduce information asymmetry, contracts should include performance-based or usage-based compensation, linking the startup's payment to the value generated by the AI solution.
- Challenge 4: Considering the impact on people. Firms must manage user acceptance by carefully selecting the degree of AI autonomy, involving employees in the design process, and clarifying the startup's role to mitigate fears of job displacement.
- Challenge 5: Overcoming implementation roadblocks. Depending on the company's organizational maturity, it should either facilitate deep collaboration between the startup and all internal stakeholders or use the startup to build new systems that bypass internal roadblocks entirely.

This study examines how a large manufacturing company navigated the challenges of remote and hybrid work following the COVID-19 pandemic. Through an 18-month case study, the research explores the impacts on different employee groups (virtual, hybrid, and on-site) and provides recommendations for managing a blended workforce. The goal is to help organizations, particularly those with significant physical operations, balance new employee expectations with business needs.

Problem The widespread shift to remote work during the pandemic created a major challenge for businesses deciding on their long-term workplace strategy. Companies are grappling with whether to mandate a full return to the office, go fully remote, or adopt a hybrid model. This problem is especially complex for industries like manufacturing that rely on physical operations and cannot fully digitize their entire workforce.

Outcome - Employees successfully adapted information and communication technology (ICT) to perform many tasks remotely, effectively separating their work from a physical location.
- Contrary to expectations, on-site workers who remained at the physical workplace throughout the pandemic reported feeling the most isolated, least valued, and dissatisfied.
- Despite demonstrated high productivity and employee desire for flexibility, business leaders still strongly prefer having employees co-located in the office, believing it is crucial for building and maintaining the company's core values.
- A 'Digital-Physical Intensity' framework was developed to help organizations classify jobs and make objective decisions about which roles are best suited for on-site, hybrid, or virtual work.

This paper presents a case study on 'freeyou,' the digital innovation spinoff of a major German insurance company. It examines how the company successfully transitioned its online-only car insurance product from an initial 'exploring' phase to a profitable 'scaling' phase. The study highlights the necessary shifts in IT approaches, organizational structure, and data analytics required to manage this transition.

Problem Many digital innovations fail when they move from the idea validation stage to the scaling stage, where they need to become profitable and handle large volumes of users. This study addresses the common IT-related challenges that cause these failures and provides practical guidance for managers on how to navigate this critical transition successfully.

Outcome - Prepare for a significant cultural shift: Management must explicitly communicate the change in focus from creative exploration and prototyping to efficient and profitable operations to align the team and manage expectations.
- Rearchitect IT systems for scalability: Systems built for speed and flexibility in the exploration phase must be redesigned or replaced with robust, efficient, and reliable platforms capable of handling a large user base.
- Adjust team composition and skills: The transition to scaling requires different expertise, shifting from IT generalists who explore new technologies to specialists focused on process automation, data analytics, and stable operations. Companies must be prepared to bring in new talent and restructure teams accordingly.

This study identifies critical gaps in Operational Technology (OT) cybersecurity by drawing on insights from 36 leaders across 14 global corporations. It analyzes the organizational challenges that hinder the successful implementation of OT cybersecurity, going beyond purely technical issues. The research provides practical recommendations for managers to bridge these security gaps effectively.

Problem As industrial companies embrace 'Industry 4.0', their operational technology (OT) systems, which control physical processes, are becoming increasingly connected to digital networks. This connectivity introduces significant cybersecurity risks that can halt production and cause substantial financial loss, yet many organizations struggle to implement robust security due to organizational, rather than technical, obstacles.

Outcome - Cybersecurity in OT projects is often treated as an afterthought, bolted on at the end rather than integrated from the start.
- Cybersecurity teams typically lack the authority, budget, and top management support needed to enforce security measures in OT environments.
- There is a severe shortage of personnel with expertise in both OT and cybersecurity, and a cultural disconnect exists between IT and OT teams.
- Priorities are often misaligned, with OT personnel focusing on uptime and productivity, viewing security measures as hindrances.
- The tangible benefits of cybersecurity are difficult to recognize and quantify, making it hard to justify investments until a failure occurs.

This study explores how Chief Information Officers (CIOs) can uncover and manage differing opinions among senior executives regarding the value of IT investments. Using a case study at a U.K. firm, the researchers applied a method based on Repertory (Rep) Grid analysis and heat maps to make these perception gaps visible and actionable.

Problem The full benefits of IT investments are often not realized because senior leaders lack a shared understanding of their value and effectiveness. This misalignment can undermine project support and success, yet CIOs typically lack practical tools to objectively identify and resolve these hidden differences in perception within the management team.

Outcome - Repertory (Rep) Grids combined with heat maps are a practical and effective technique for making executives' differing perceptions of IT value explicit and visible.
- The method provides a structured, data-driven foundation for CIOs to have tailored, objective conversations with individual leaders to build consensus.
- By creating a common set of criteria for evaluation, the process helps align the senior management team and fosters a shared understanding of IT's strategic contribution.
- The visual nature of heat maps helps focus discussions on specific points of disagreement, reducing emotional conflict and accelerating the path to a common ground.
- The approach allows CIOs to develop targeted action plans to address specific gaps in understanding, ultimately improving support for and the realization of value from IT investments.

This case study describes how WashTec, a global leader in the car wash industry, successfully explored and developed new digital business models. The paper outlines the company's structured four-phase exploration approach—Activation, Inspiration, Evaluation, and Monetization—which serves as a blueprint for digital innovation. This process offers a guide for other established, incumbent companies seeking to navigate their own digital transformation.

Problem Many established companies excel at enhancing their existing business models but struggle to explore and develop entirely new digital ones. This creates a significant challenge for traditional, hardware-centric firms needing to adapt to a digital landscape. The study addresses how an incumbent company can overcome this inertia and systematically innovate to create new value propositions and maintain a competitive edge.

Outcome - WashTec developed a structured four-phase approach (Activation, Inspiration, Evaluation, Monetization) that enabled the successful exploration of digital business models.
- The process resulted in three distinct digital business models: Automated Chemical Supply, a Digital Wash Platform, and In-Car Washing Services.
- The study offers five recommendations for other incumbent firms: set clear boundaries for exploration, utilize digital-savvy pioneers while involving the whole organization, anchor the process with strategic symbols, consider value beyond direct revenue, and integrate exploration objectives into the core business.

This study investigates how digital transformations initiated by a crisis, such as the COVID-19 pandemic, differ from transformations under normal circumstances. Through case studies of three German small and medium-sized organizations (the 'Mittelstand'), the research identifies challenges to established transformation 'logics' and provides recommendations for successfully managing these events.

Problem While digital transformation is widely studied, there is little understanding of how the process works when driven by an external crisis rather than strategic planning. The COVID-19 pandemic created an urgent, unprecedented need for businesses to digitize their operations, but existing frameworks were ill-suited for this high-pressure, uncertain environment.

Outcome - The trigger for digital transformation in a crisis is the external shock itself, not the emergence of new technology.
- Decision-making shifts from slow, consensus-based strategic planning to rapid, top-down ad-hoc reactions to ensure survival.
- Major organizational restructuring is deferred; instead, companies form small, agile steering groups to manage the transformation efforts.
- Normal organizational barriers like inertia and resistance to change significantly decrease during the crisis due to the clear and urgent need for action.
- After the crisis, companies must actively work to retain the agile practices learned and manage the potential re-emergence of resistance as urgency subsides.

This study explores the common pitfalls of four types of cybersecurity training by interviewing employees at large accounting firms. It identifies four unintended negative consequences of mistraining and overtraining and, in response, proposes the LEAN model, a new framework for designing more effective cybersecurity readiness programs.

Problem Organizations invest heavily in cybersecurity readiness programs, but these initiatives often fail due to poor design, leading to mistraining and overtraining. This not only makes the training ineffective but can also create adverse effects like employee anxiety and fatigue, paradoxically amplifying an organization's cyber vulnerabilities instead of reducing them.

Outcome - Conventional cybersecurity training often leads to four adverse effects on employees: threat anxiety, security fatigue, risk passivity, and cyber hesitancy.
- These individual effects cause significant organizational problems, including erosion of individual performance, fragmentation of team dynamics, disruption of client experiences, and stagnation of the security culture.
- The study proposes the LEAN model to counteract these issues, based on four strategies: Localize, Empower, Activate, and Normalize.
- The LEAN model recommends tailoring training to specific roles (Localize), fostering ownership and authority (Empower), promoting coordinated action through collaborative exercises (Activate), and embedding security into daily operations to build a proactive culture (Normalize).

This paper presents an in-depth case study on how the global technology company Siemens successfully moved artificial intelligence (AI) projects from pilot stages to full-scale, value-generating applications. The study analyzes Siemens' journey through three evolutionary stages, focusing on the concept of 'AI democratization', which involves integrating the unique skills of domain experts, data scientists, and IT professionals. The findings provide a framework for how other organizations can build the necessary capabilities to adopt and scale AI technologies effectively.

Problem Many companies invest in artificial intelligence but struggle to progress beyond small-scale prototypes and pilot projects. This failure to scale prevents them from realizing the full business value of AI. The core problem is the difficulty in making modern AI technologies broadly accessible to employees, which is necessary to identify, develop, and implement valuable applications across the organization.

Outcome - Siemens successfully scaled AI by evolving through three stages: 1) Tactical AI pilots, 2) Strategic AI enablement, and 3) AI democratization for business transformation.
- Democratizing AI, defined as the collaborative integration of domain experts, data scientists, and IT professionals, is crucial for overcoming key adoption challenges such as defining AI tasks, managing data, accepting probabilistic outcomes, and addressing 'black-box' fears.
- Key initiatives that enabled this transformation included establishing a central AI Lab to foster co-creation, an AI Academy for upskilling employees, and developing a global AI platform to support scaling.
- This approach allowed Siemens to transform manufacturing processes with predictive quality control and create innovative healthcare products like the AI-Rad Companion.
- The study concludes that democratizing AI creates value by rooting AI exploration in deep domain knowledge and reduces costs by creating scalable infrastructures and processes.

This paper presents a case study on how the international energy company Shell successfully implemented a large-scale digital transformation. It details their 'Do It Yourself' (DIY) program, which empowers employees to create their own software applications using low-code/no-code platforms. The study analyzes Shell's approach and provides recommendations for other organizations looking to leverage citizen development to drive digital initiatives.

Problem Many organizations struggle with digital transformation, facing high failure rates and uncertainty. These initiatives often fail to engage the broader workforce, creating a bottleneck within the IT department and a disconnect from immediate business needs. This study addresses how a large, traditional company can overcome these challenges by democratizing technology and empowering its employees to become agents of change.

Outcome - Shell successfully drove digital transformation by establishing a 'Do It Yourself' (DIY) citizen development program, empowering non-technical employees to build their own applications.
- A structured four-phase process (Sensemaking, Stakeholder Participation, Collective Action, Evaluating Progress) was critical for normalizing and scaling the program across the organization.
- Implementing a risk-based governance framework, the 'DIY Zoning Model', allowed Shell to balance employee autonomy and innovation with necessary security and compliance controls.
- The DIY program delivered significant business value, including millions of dollars in cost savings, improved operational efficiency and safety, and increased employee engagement.
- Empowering employees with low-code tools not only solved immediate business problems but also helped attract and retain new talent from the 'digital generation'.

This study investigates the cybersecurity challenges faced by small and medium-sized enterprise (SME) suppliers and proposes actionable strategies for large companies to help them improve. Based on interviews with executives and cybersecurity experts, the paper identifies key barriers SMEs encounter and outlines five practical actions large firms can take to strengthen their supply chain's cyber resilience.

Problem Large companies increasingly require their smaller suppliers to meet the same stringent cybersecurity standards they do, creating a significant burden for SMEs with limited resources. This gap creates a major security vulnerability, as attackers often target less-secure SMEs as a backdoor to access the networks of larger corporations, posing a substantial third-party risk to entire supply chains.

Outcome - SME suppliers are often unable to meet the security standards of their large partners due to four key barriers: unfriendly regulations, organizational culture clashes, variability in cybersecurity frameworks, and misalignment of business processes.
- Large companies can proactively strengthen their supply chain by providing SMEs with the resources and expertise needed to understand and comply with regulations.
- Creating incentives for meeting security benchmarks is more effective than penalizing suppliers for non-compliance.
- Large firms should develop programs to help SMEs elevate their cybersecurity culture and align security processes with their own.
- Coordinating with other large companies to standardize cybersecurity frameworks and assessment procedures can significantly reduce the compliance burden on SMEs.

This study investigates how corporate boards of directors oversee and integrate Artificial Intelligence (AI) into their governance practices. Based on in-depth interviews with high-profile board members from diverse industries, the research identifies common challenges and provides examples of effective strategies for board-level AI governance.

Problem Despite the transformative impact of AI on the business landscape, the majority of corporate boards struggle to understand its implications and their role in governing it. This creates a significant gap, as boards have a fiduciary responsibility to oversee strategy, risk, and investment related to critical technologies, yet AI is often not a mainstream boardroom topic.

Outcome - Identified four key groups of board-level AI governance issues: Strategy and Firm Competitiveness, Capital Allocation, AI Risks, and Technology Competence.
- Boards should ensure AI is integrated into the company's core business strategy by evaluating its impact on the competitive landscape and making it a key topic in annual strategy meetings.
- Effective capital allocation involves encouraging AI experimentation, securing investments in foundational AI capabilities, and strategically considering external partnerships and acquisitions.
- To manage risks, boards must engage with experts, integrate AI-specific risks into Enterprise Risk Management (ERM) frameworks, and address ethical, reputational, and legal challenges.
- Enhancing technology competence requires boards to develop their own AI literacy, review board and committee composition for relevant expertise, and include AI competency in executive succession planning.

This study examines how organizations can leverage low-code development platforms and citizen developers (non-technical employees) to accelerate digital transformation. Through in-depth case studies of two early adopters, Hortilux and Volvo Group, along with interviews from seven other firms, the paper identifies key strategies and challenges. The research provides five actionable recommendations for business leaders to successfully implement low-code initiatives.

Problem Many organizations struggle to keep pace with digital innovation due to a persistent shortage and high cost of professional software developers. This creates a significant bottleneck in application development, slowing down responsiveness to customer needs and hindering digital transformation goals. The study addresses how to overcome this resource gap by empowering business users to create their own software solutions.

Outcome - Set a clear strategy for selecting the right use cases for low-code development, starting with simple, low-complexity tasks like process automation.
- Identify, assign, and provide training to upskill tech-savvy employees into citizen developers, ensuring they have the support and guidance needed.
- Establish a dedicated low-code team or department to provide organization-wide support, training, and governance for citizen development initiatives.
- Ensure the low-code architecture is extendable, reusable, and up-to-date to avoid creating complex, siloed applications that are difficult to maintain.
- Evaluate the technical requirements and constraints of different solutions to select the low-code platform that best fits the organization's specific needs.

This article chronicles the distinguished career of F. Warren McFarlan, a seminal figure in the field of IT management. Based on interviews with McFarlan and his colleagues, as well as archival material, the paper details his immense contribution to bridging the divide between academic research and practical IT management. It highlights his methods, influential frameworks, and enduring legacy in educating generations of IT practitioners and researchers.

Problem There is often a significant gap between academic research and the practical needs of business managers. Academics typically focus on theory and description, while business leaders require actionable, prescriptive insights. This paper addresses this challenge by examining the career of F. Warren McFarlan as a case study in how to successfully produce practice-based research that is valuable to both the academic and business communities.

Outcome - F. Warren McFarlan was a foundational figure who played a pioneering role in establishing IT management as a respected academic and business discipline.
- He effectively bridged the gap between academia and industry by developing practical frameworks and using the case study method to teach senior executives how to manage technology strategically.
- Through his extensive body of research, including over 300 cases and numerous influential articles, he provided managers with accessible tools to assess IT project risk and align technology with business strategy.
- McFarlan was instrumental in championing academic outlets for practice-based research, notably serving as editor-in-chief of MIS Quarterly during a critical period to ensure its survival and relevance.
- His legacy includes not only his own research but also his mentorship of junior faculty and his role in building the IT management program at Harvard Business School.

This paper presents a case study of a small U.S. manufacturing company that suffered two distinct ransomware attacks four years apart, despite strengthening its cybersecurity after the first incident. The study analyzes both attacks, the company's response, and the lessons learned from the experiences. The goal is to provide actionable recommendations to help other small and medium-sized enterprises (SMEs) improve their defenses and recovery strategies against evolving cyber threats.

Problem Small and medium-sized enterprises (SMEs) face unique cybersecurity challenges due to significant resource constraints compared to larger corporations. They often lack the financial capacity, specialized expertise, and trained workforce to implement and maintain adequate technical and procedural controls. This vulnerability is increasingly exploited by cybercriminals, with a high percentage of ransomware attacks specifically targeting these smaller, less-defended businesses.

Outcome - All businesses are targets: The belief in 'security by obscurity' is a dangerous misconception; any online presence makes a business a potential target for cyberattacks.
- Comprehensive backups are essential: Backups must include not only data but also system configurations and software to enable a full and timely recovery.
- Management buy-in is critical: Senior leadership must understand the importance of cybersecurity and provide the necessary funding and organizational support for robust defense measures.
- People are a key vulnerability: Technical defenses can be bypassed by human error, as demonstrated by the second attack which originated from a phishing email, underscoring the need for continuous employee training.
- Cybercrime is an evolving 'arms race': Attackers are becoming increasingly sophisticated, professional, and organized, requiring businesses to continually adapt and strengthen their defenses.

This paper explores the potential opportunities and risks of the emerging metaverse for business and society through an interview format with leading researchers. The study analyzes the current state of metaverse technologies, their potential business applications, and critical considerations for governance and ethical implementation for IT practitioners.

Problem Following renewed corporate interest and massive investment, the concept of the metaverse has generated significant hype, but businesses lack clarity on its definition, tangible value, and long-term impact. This creates uncertainty for leaders about how to approach the technology, differentiate it from past virtual worlds, and navigate the significant risks of surveillance, data privacy, and governance.

Outcome - The business value of the metaverse centers on providing richer, safer experiences for customers and employees, reducing costs, and meeting organizational goals through applications like immersive training, virtual collaboration, and digital twins.
- Companies face a critical choice between centralized 'Web 2' platforms, which monetize user data, and decentralized 'Web 3' models that offer users more control over their digital assets and identity.
- The metaverse can improve employee onboarding, training for dangerous tasks, and collaboration, offering a greater sense of presence than traditional videoconferencing.
- Key challenges include the lack of a single, interoperable metaverse (which is likely over a decade away), limited current capabilities of decentralized platforms, and the potential for negative consequences like addiction and surveillance.
- Businesses are encouraged to explore potential use cases, participate in creating open standards, and consider both the immense promise and potential perils before making significant investments.

This study investigates the leadership challenges inherent in smart city digital transformations. Based on in-depth interviews with leaders from 12 cities, the research identifies common obstacles and describes three 'boundary management' strategies leaders use to overcome them and drive sustainable change.

Problem Cities struggle to scale up smart city initiatives beyond the pilot stage because of a fundamental conflict between traditional, siloed city bureaucracy and the integrated, data-driven logic of a smart city. This clash creates significant organizational, political, and cultural barriers that impede progress and prevent the realization of long-term benefits for citizens.

Outcome - Identifies eight key challenges for smart city leaders, including misalignment of municipal structures, restrictive data policies, resistance to innovation, and city politics.
- Finds that successful smart city leaders act as expert 'boundary spanners,' navigating the divide between the traditional institutional logic of city governance and the emerging logic of smart cities.
- Proposes a framework of three boundary management strategies leaders use: 1) Boundary Bridging to generate buy-in and knowledge, 2) Boundary Buffering to protect projects from resistance, and 3) Boundary Building to create new, sustainable governance structures.

This study investigates the need for flexibility and speed in creating and updating cybersecurity rules within organizations. Through in-depth interviews with cybersecurity professionals, the research identifies key areas of digital risk and provides practical recommendations for businesses to develop more agile and adaptive security policies.

Problem In the face of rapidly evolving cyber threats, many organizations rely on static, outdated cybersecurity policies that are only updated after a security breach occurs. This reactive approach leaves them vulnerable to new attack methods, risks from new technologies, and threats from business partners, creating a significant security gap.

Outcome - Update cybersecurity policies to address risks from outdated legacy systems by implementing modern digital asset and vulnerability management.
- Adapt policies to address emerging technologies like AI by enhancing technology scouting and establishing a resilient cyber risk management framework.
- Strengthen policies for third-party vendors by conducting agile risk assessments and regularly reviewing security controls in contracts.
- Build flexible policies for disruptive external events (like pandemics or geopolitical tensions) through continuous employee training and robust business continuity plans.

This study analyzes an alternative cybersecurity information-sharing forum centered on the extended value chain of a single company in the forest and paper products industry. The paper explores the forum's design, execution, and challenges to provide recommendations for similar company-specific collaborations. The goal is to enhance cybersecurity resilience across interconnected business partners by fostering a more trusting and relevant environment for sharing best practices.

Problem As cyberthreats become more complex, industries with interconnected information and operational technologies (IT/OT) face significant vulnerabilities. Despite government and industry calls for greater collaboration, inter-organizational cybersecurity information sharing remains sporadic due to concerns over confidentiality, competitiveness, and lack of trust. Standard sector-based sharing initiatives can also be too broad to address the specific needs of a company and its unique value chain partners.

Outcome - A company-led, value-chain-specific cybersecurity forum is an effective alternative to broader industry groups, fostering greater trust and more relevant discussions among business partners.
- Key success factors for such a forum include inviting the right participants (security strategy leaders), establishing clear ground rules to encourage open dialogue, and using external facilitators to ensure neutrality.
- The forum successfully shifted the culture from one of distrust to one of transparency and collaboration, leading participants to be more open about sharing experiences, including previous security breaches.
- Participants gained valuable insights into the security maturity of their partners, leading to tangible improvements in cybersecurity practices, such as updating security playbooks, adopting new risk metrics, and enhancing third-party risk management.
- The collaborative model strengthens the entire value chain, as companies learn from each other's strategies, tools, and policies to collectively improve their defense against common threats.

This study explores how cyber insurance serves as more than just a financial tool for compensating victims of cyber incidents. Based on in-depth interviews with insurance industry experts and policy buyers, the research analyzes how insurance improves an organization's cybersecurity across three distinct stages: pre-purchase, post-purchase, and post-cyberattack.

Problem As businesses increasingly rely on digital technologies, they face a growing risk of cyberattacks that can lead to severe financial losses, reputational harm, and regulatory penalties. Many companies possess inadequate cybersecurity measures, and there is a need to understand how external mechanisms like insurance can proactively strengthen defenses rather than simply covering losses after an attack.

Outcome - Cyber insurance actively enhances an organization's security posture, not just providing financial compensation after an incident.
- The pre-purchase underwriting process forces companies to rigorously evaluate and improve their cybersecurity practices to even qualify for a policy.
- Post-purchase, insurers require continuous improvement through audits and training, often providing resources and expertise to help clients strengthen their defenses.
- Following an attack, cyber insurance provides access to critical incident management services, including expert support for damage containment, system restoration, and post-incident analysis to prevent future breaches.

This paper presents a case study on HireVue, a company that provides an AI application for assessing job interviews. It describes the transparency-related challenges HireVue faced and explains how it addressed them by developing a "glass box" approach, which focuses on making the entire system of AI development and deployment understandable, rather than just the technical algorithm.

Problem AI applications used for critical decisions, such as hiring, are often perceived as technical "black boxes." This lack of clarity creates significant challenges for businesses in trusting the technology, ensuring fairness, mitigating bias, and complying with regulations, which hinders the responsible adoption of AI in recruitment.

Outcome - The study introduces a "glass box" model for AI transparency, which shifts focus from the technical algorithm to the broader sociotechnical system, including design processes, client interactions, and organizational functions.
- HireVue implemented five types of transparency practices: pre-deployment client-focused, internal, post-deployment client-focused, knowledge-related, and audit-related.
- This multi-faceted approach helps build trust with clients, regulators, and applicants by providing clarity on the AI's application, limitations, and validation processes.
- The findings serve as a practical guide for other AI software companies on how to create effective and comprehensive transparency for their own applications, especially in high-stakes fields.

This paper presents a case study on Germany's implementation of FLORA, a blockchain-based IT system designed to manage the intergovernmental processing of asylum seekers. It analyzes how the project navigated legal and technical challenges across different government levels. Based on the findings, the study offers three key recommendations for successfully deploying similar complex, multi-agency IT systems in the public sector.

Problem Governments face significant challenges in digitalizing services that require cooperation across different administrative layers, such as federal and state agencies. Legal mandates often require these layers to maintain separate IT systems, which complicates data exchange and modernization. Germany's asylum procedure previously relied on manually sharing Excel-based lists between agencies, a process that was slow, error-prone, and created data privacy risks.

Outcome - FLORA replaced inefficient Excel-based lists with a decentralized system, enabling a more efficient and secure exchange of procedural information between federal and state agencies.
- The system created a 'single procedural source of truth,' which significantly improved the accuracy, completeness, and timeliness of information for case handlers.
- By streamlining information exchange, FLORA reduced the time required for initial stages of the asylum procedure by up to 50%.
- The blockchain-based architecture enhanced legal compliance by reducing procedural errors and providing a secure way to manage data that adheres to strict GDPR privacy requirements.
- The study recommends that governments consider decentralized IT solutions to avoid the high hidden costs of centralized systems, deploy modular solutions to break down legacy architectures, and use a Software-as-a-Service (SaaS) model to lower initial adoption barriers for agencies.

This study examines the strategies employed by the Danish Business Authority (DBA), a pioneering public-sector adopter of AI, for the continuous evaluation of its AI systems. Through a case study of the DBA's practices and their custom X-RAI framework, the paper provides actionable recommendations for other organizations on how to manage AI systems responsibly after deployment.

Problem AI systems can degrade in performance over time, a phenomenon known as model drift, leading to inaccurate or biased decisions. Many organizations lack established procedures for the ongoing monitoring and evaluation of AI systems post-deployment, creating risks of operational failures, financial losses, and non-compliance with regulations like the EU AI Act.

Outcome - Organizations need a multi-faceted approach to AI evaluation, as single strategies like human oversight or periodic audits are insufficient on their own.
- The study presents the DBA's three-stage evaluation process: pre-production planning, in-production monitoring, and formal post-implementation evaluations.
- A key strategy is 'enveloping' AI systems and their evaluations, which means setting clear, pre-defined boundaries for the system's use and how it will be monitored to prevent misuse and ensure accountability.
- The DBA uses an MLOps platform and an 'X-RAI' (Transparent, Explainable, Responsible, Accurate AI) framework to ensure traceability, automate deployments, and guide risk assessments.
- Formal evaluations should use deliberate sampling, including random and negative cases, and 'blind' reviews (where caseworkers assess a case without seeing the AI's prediction) to mitigate human and machine bias.

This study investigates the challenges of implementing responsible AI in complex, multi-stakeholder environments such as humanitarian crises. Researchers analyzed the deployment of six AI tools, identifying significant gaps in expectations and values among developers, aid agencies, and affected populations. Based on these findings, the paper introduces the concept of "AI Responsibility Rifts" (AIRRs) and proposes the SHARE framework to help organizations navigate these disagreements.

Problem Traditional approaches to AI safety focus on objective, technical risks like hallucinations or data bias. This perspective is insufficient for data-sensitive contexts because it overlooks the subjective disagreements among diverse stakeholders about an AI tool's purpose, impact, and ethical boundaries. These unresolved conflicts, or "rifts," can hinder the adoption of valuable AI tools and lead to unintended negative consequences for vulnerable populations.

Outcome - The study introduces the concept of "AI Responsibility Rifts" (AIRRs), defined as misalignments in stakeholders' subjective expectations, values, and perceptions of an AI system's impact.
- It identifies five key areas where these rifts occur: Safety, Humanity, Accountability, Reliability, and Equity.
- The paper proposes the SHARE framework, a self-diagnostic questionnaire designed to help organizations identify and address these rifts among their stakeholders.
- It provides core recommendations and caveats for executives to close the gaps in each of the five rift areas, promoting a more inclusive and effective approach to responsible AI.

This paper presents a case study of a fictional insurance company, based on real-life events, to illustrate how generative artificial intelligence (GenAI) can be used for both offensive and defensive cybersecurity purposes. It explores the dual nature of GenAI as a tool for both attackers and defenders, presenting a significant dilemma for IT executives. The study provides actionable recommendations for developing a comprehensive cybersecurity strategy in the age of GenAI.

Problem With the rapid adoption of Generative AI by both cybersecurity defenders and malicious actors, IT leaders face a critical challenge. GenAI significantly enhances the capabilities of attackers to create sophisticated, large-scale, and automated cyberattacks, while also offering powerful new tools for defense. This creates a high-stakes 'AI arms race,' forcing organizations to decide how to strategically embrace GenAI for defense without being left vulnerable to adversaries armed with the same technology.

Outcome - GenAI is a double-edged sword, capable of both triggering and defending against sophisticated cyberattacks, requiring a proactive, not reactive, security posture.
- Organizations must integrate a 'Defense in Depth' (DiD) strategy that extends beyond technology to include processes, a security-first culture, and continuous employee education.
- Robust data governance is crucial to manage and protect data, the primary target of attacks, by classifying its value and implementing security controls accordingly.
- A culture of continuous improvement is essential, involving regular simulations of real-world attacks (red-team/blue-team exercises) and maintaining a zero-trust mindset.
- Companies must fortify defenses against AI-powered social engineering by combining advanced technical filtering with employee training focused on skepticism and verification.
- Businesses should embrace proactive, AI-driven defense mechanisms like AI-powered threat hunting and adaptive honeypots to anticipate and neutralize threats before they escalate.

This study outlines a practical five-phase process for organizations to translate responsible AI principles into concrete business practices. Based on participatory action research with two startups, the paper provides a roadmap for crafting specific responsibility pledges and embedding them into organizational processes, moving beyond abstract ethical statements.

Problem Many organizations are committed to the responsible use of AI but struggle with how to implement it practically, creating a significant "principle-to-practice gap". This confusion can lead to inaction or superficial efforts known as "ethics-washing," where companies appear ethical without making substantive changes. The study addresses the lack of clear, actionable guidance for businesses, especially smaller ones, on where to begin.

Outcome - Presents a five-phase process for operationalizing responsible AI: 1) Buy-in, 2) Intuition-building, 3) Pledge-crafting, 4) Pledge-communicating, and 5) Pledge-embedding.
- Argues that responsible AI should be approached as a systems problem, considering organizational mindsets, culture, and processes, not just technical fixes.
- Recommends that organizations create contextualized, action-oriented "pledges" rather than simply adopting generic AI principles.
- Finds that investing in responsible AI practices early, even in small projects, helps build organizational capability and transfers to future endeavors.
- Provides a framework for businesses to navigate communication challenges, balancing transparency with commercial interests to build user trust.

This study presents an in-depth case study of the industrial AI pioneer Siemens AG to understand how companies can effectively scale artificial intelligence systems. It identifies five critical technology management risks associated with both generative and predictive AI and provides practical recommendations for mitigating them to create company-wide business impact.

Problem Many companies struggle to effectively scale modern AI systems, with over 70% of implementation projects failing to create a measurable business impact. These failures stem from machine learning's unique characteristics, which amplify existing technology management challenges and introduce entirely new ones that firms are often unprepared to handle.

Outcome - Missing or falsely evaluated potential AI use case opportunities.
- Algorithmic training and data quality issues.
- Task-specific system complexities.
- Mismanagement of system stakeholders.
- Threats from provider and system dependencies.

This case study examines how Siemens successfully implemented a human-centric, bottom-up approach to employee reskilling and upskilling through digital learning. The paper presents a four-phase model for leveraging information systems to address skill gaps and provides five key recommendations for organizations to foster lifelong learning in dynamic manufacturing environments.

Problem The rapid digital transformation in manufacturing is creating a significant skills gap, with a high percentage of companies reporting shortages. Traditional training methods are often not scalable or adaptable enough to meet these evolving demands, presenting a major challenge for organizations trying to build a future-ready workforce.

Outcome - The study introduces a four-phase model for developing human-centric digital learning: 1) Recognizing employee needs, 2) Identifying key employee traits (like self-regulation and attitude), 3) Developing tailored strategies, and 4) Aligning strategies with organizational goals.
- Key employee needs for successful digital learning include task-oriented courses, peer exchange, on-the-job training, regular feedback, personalized learning paths, and micro-learning formats ('learning nuggets').
- The paper proposes four distinct learning strategies based on employees' attitude and self-regulated learning skills, ranging from community mentoring for those low in both, to personalized courses for those high in both.
- Five practical recommendations for companies are provided: 1) Foster a lifelong learning culture, 2) Tailor digital learning programs, 3) Create dedicated spaces for collaboration, 4) Incorporate flexible training formats, and 5) Use analytics to provide feedback.

This study analyzes the digital transformation journey on the shop floor of automotive supplier Continental AG. Based on this case study, the paper proposes a practical three-layer model—IT evolution, work practices evolution, and mindset evolution—to guide organizations through successful digital transformation. The model provides recommended actions for aligning these layers to reduce implementation risks and improve outcomes.

Problem Many industrial companies struggle with digital transformation, particularly on the shop floor, where environments are often poorly integrated with digital technology. These transformation efforts are frequently implemented as a 'big bang,' overwhelming workers with new technologies and revised work practices, which can lead to resistance, failure to adopt new systems, and the loss of experienced employees.

Outcome - Successful digital transformation requires a coordinated and synchronized evolution across three interdependent layers: IT, work practices, and employee mindset.
- The paper introduces a practical three-layer model (IT Evolution, Work Practices Evolution, and Mindset Evolution) as a roadmap for managing the complexities of organizational change.
- A one-size-fits-all approach fails; organizations must provide tailored support, tools, and training that cater to the diverse skill levels and starting points of all employees, especially lower-skilled workers.
- To ensure adoption, work processes and performance metrics must be strategically adapted to integrate new digital tools, rather than simply layering technology on top of old workflows.
- A cultural shift is fundamental; success depends on moving away from rigid hierarchies to a culture that empowers employees, encourages experimentation, and fosters a collective readiness for continuous change.

This paper reports on a case study of how one of Europe's largest district heating providers, called EnergyCo, implemented an AI-assisted digital twin to improve energy efficiency and sustainability. The study details the implementation process and its outcomes, providing six key recommendations for executives in other industries who are considering adopting digital twin technology.

Problem Large-scale energy providers face significant challenges in managing complex district heating networks due to fluctuating energy prices, the shift to decentralized renewable energy sources, and operational inefficiencies from siloed departments. Traditional control systems lack the comprehensive, real-time view needed to optimize the entire network, leading to energy loss, higher costs, and difficulties in achieving sustainability goals.

Outcome - The AI-enabled digital twin provided a comprehensive, real-time representation of the entire district heating network, replacing fragmented views from legacy systems.
- It enabled advanced simulation and optimization, allowing the company to improve operational efficiency, manage fluctuating energy prices, and move toward its carbon neutrality goals.
- The system facilitated scenario-based decision-making, helping operators forecast demand, optimize temperatures and pressures, and reduce heat loss.
- The digital twin enhanced cross-departmental collaboration by providing a shared, holistic view of the network's operations.
- It enabled a shift from reactive to proactive maintenance by using predictive insights to identify potential equipment failures before they occur, reducing costs and downtime.

This study analyzes the successful digital transformations of CarMax and The Washington Post to advocate for a strategic shift from traditional IT project management to digital product management. It demonstrates how adopting practices like Agile and DevOps, combined with empowered, cross-functional teams, enables companies to become nimbler and more adaptive in a fast-changing digital landscape. The research is based on extensive field research, including interviews with senior executives from the case study companies.

Problem Many businesses struggle to adapt and innovate because their traditional IT project management methods are too slow and rigid for the modern digital economy. This project-based approach often results in high failure rates, misaligned business and IT goals, and an inability to respond quickly to market changes or new competitors. This gap prevents organizations from realizing the full value of their technology investments and puts them at risk of becoming obsolete.

Outcome - A shift from a project-oriented to a product-oriented mindset is essential for business agility and continuous innovation.
- Successful transformations rely on creating durable, empowered, cross-functional teams that manage a digital product's entire lifecycle, focusing on business outcomes rather than project outputs.
- Adopting practices like dual-track Agile and DevOps enables teams to discover the right solutions for customers while delivering value incrementally and consistently.
- The transition to digital product management is a long-term cultural and organizational journey requiring strong executive buy-in, not a one-time project.
- Organizations should differentiate which initiatives are best suited for a project approach (e.g., migrations, compliance) versus a product approach (e.g., customer-facing applications, e-commerce platforms).

This paper presents a case study of a large German utility company's successful transition to a data-driven organization. It outlines the strategy, which involved three core transformations: enabling the workforce, improving the data lifecycle, and implementing employee-centered data management. The study provides actionable recommendations for industrial organizations facing similar challenges.

Problem Many industrial companies, particularly in the utility sector, struggle to extract value from their data. The ongoing energy transition, with the rise of renewable energy sources and electric vehicles, has made traditional, heuristic-based decision-making obsolete, creating an urgent need for a robust corporate data culture to manage increasing complexity and ensure grid stability.

Outcome - A data culture was successfully established through three intertwined transformations: enabling the workforce, improving the data lifecycle, and transitioning to employee-centered data management.
- Enabling the workforce involved upskilling programs ('Data and AI Multipliers'), creating platforms for knowledge sharing, and clear communication to ensure widespread buy-in and engagement.
- The data lifecycle was improved by establishing new data infrastructure for real-time data, creating a central data lake, and implementing a strong data governance framework with new roles like 'data officers' and 'data stewards'.
- An employee-centric approach, featuring cross-functional teams, showcasing quick wins to demonstrate value, and transparent communication, was crucial for overcoming resistance and building trust.
- The transformation resulted in the deployment of over 50 data-driven solutions that replaced outdated processes and improved decision-making in real-time operations, maintenance, and long-term planning.

This paper presents a case study of The Odyssey Project, a fintech startup aiming to increase financial inclusion for the unbanked. It details how the company combines established SMS technology with modern innovations like blockchain and AI to create an accessible and affordable digital financial solution, particularly for users in underdeveloped countries without smartphones or consistent internet access.

Problem Approximately 1.7 billion adults globally remain unbanked, lacking access to formal financial services. This financial exclusion is often due to the high cost of services, geographical distance to banks, and the requirement for expensive smartphones and internet data, creating a significant barrier to economic participation and stability.

Outcome - The Odyssey Project developed a fintech solution that integrates old technology (SMS) with cutting-edge technologies (blockchain, AI, cloud computing) to serve the unbanked.
- The platform, named RoyPay, uses an SMS-based chatbot (RoyChat) as the user interface, making it accessible on basic mobile phones without an internet connection.
- Blockchain technology is used for the core payment mechanism to ensure secure, transparent, and low-cost transactions, eliminating many traditional intermediary fees.
- The system is built on a scalable and cost-effective infrastructure using cloud services, open-source software, and containerization to minimize operational costs.
- The study demonstrates a successful model for creating context-specific technological solutions that address the unique needs and constraints of underserved populations.

This study analyzes 31 articles from practitioner journals to understand how businesses can use Information Systems (IS) to enhance environmental sustainability. Based on a comprehensive literature review, the research provides five practical recommendations for managers to bridge the gap between sustainability goals and actual implementation, ultimately creating business value.

Problem Many businesses face growing pressure to improve their environmental sustainability but struggle to translate sustainability initiatives into tangible business value. Managers are often unclear on how to effectively leverage information systems to achieve both environmental and financial goals, a challenge referred to as the 'sustainability implementation gap'.

Outcome - Legitimize sustainability by using IS to create awareness and link environmental metrics to business value.
- Optimize processes, products, and services by using IS to reduce environmental impact and improve eco-efficiency.
- Internalize sustainability by integrating it into core business strategies and decision-making, informed by data from environmental management systems.
- Standardize sustainability data by establishing robust data governance to ensure information is accessible, comparable, and transparent across the value chain.
- Collaborate with external partners by using IS to build strategic partnerships and ecosystems that can collectively address complex sustainability challenges.

This study analyzes hundreds of digital projects to uncover the subtle, hidden root causes behind their frequent failure or underachievement. It moves beyond commonly cited symptoms, like budget overruns, to identify five fundamental organizational and structural issues that prevent companies from realizing value from their technology investments. The analysis is supported by an illustrative case study of a major insurance company's large-scale transformation program.

Problem Organizations invest heavily in digital technology expecting significant returns, but most struggle to achieve their goals, and project success rates have not improved over time. Despite an abundance of project management frameworks and best practices, companies often address the symptoms of failure rather than the underlying problems. This research addresses the gap by identifying the deep-rooted, often surprising causes for these persistent investment failures.

Outcome - The Illusion of Control: Business leaders believe they are controlling projects through metrics and governance, but this is an illusion that masks a lack of real influence over value creation.
- The Fallacy of the “Working System”: The primary goal becomes delivering a functional IT system on time and on budget, rather than achieving the intended business performance improvements.
- Conflicts of Interest: The conventional model of a single, centralized IT department creates inherent conflicts of interest, as the same group is responsible for designing, building, and quality-assuring systems.
- The IT Amnesia Syndrome: A project-by-project focus leads to a collective organizational memory loss about why and how systems were built, creating massive complexity and technical debt for future projects.
- Managing Expenses, Not Assets: Digital systems are treated as short-term expenses to be managed rather than long-term productive assets whose value must be cultivated over their entire lifecycle.

This study examines how a U.S. recruiting company, ASK Consulting, successfully managed a major digital overhaul by treating the employee transformation as a 'rite of passage.' Based on this case study, the paper outlines a three-stage approach (separation, transition, integration) and provides actionable recommendations for leaders, or 'masters of ceremonies,' to guide their workforce through profound organizational change.

Problem Many digital transformation initiatives fail because they focus on technology and business processes while neglecting the crucial human element. This creates a gap where companies struggle to convert their existing workforce from legacy mindsets and manual processes to a future-ready, digitally empowered culture, leading to underwhelming results.

Outcome - Framing a digital transformation as a three-stage 'rite of passage' (separation, transition, integration) can successfully manage the human side of organizational change.
- The initial 'separation' from old routines and physical workspaces is critical for creating an environment where employees are open to new mindsets and processes.
- During the 'transition' phase, strong leadership (a 'master of ceremonies') is needed to foster a new sense of community, establish data-driven norms, and test employees' ability to adapt to the new digital environment.
- The final 'integration' stage solidifies the transformation by making changes permanent, restoring stability, and using the newly transformed employees to train new hires, thereby cementing the new culture.
- By implementing this approach, the case study company successfully automated core operations, which led to significant increases in productivity and revenue with a smaller workforce.

This study examines the use of no-code and low-code development tools by citizen developers (non-IT employees) to accelerate productivity and bypass traditional IT bottlenecks. Based on the experiences of several organizations, the paper identifies the strengths, risks, and misalignments between citizen developers and corporate IT departments. It concludes by providing recommended strategies for managing these tools and developers to enhance organizational agility.

Problem Organizations face a growing demand for digital transformation, which often leads to significant IT bottlenecks and costly delays. Hiring professional developers is expensive and can be ineffective due to a lack of specific business insight. This creates a gap where business units need to rapidly deploy new applications but are constrained by the capacity and speed of their central IT departments.

Outcome - No-code tools offer significant benefits, including circumventing IT backlogs, reducing costs, enabling rapid prototyping, and improving alignment between business needs and application development.
- Key challenges include finding talent with the right mindset, dependency on smaller tool vendors, security and privacy risks from 'shadow IT,' and potential for poor data architecture in citizen-developed applications.
- A fundamental misalignment exists between IT departments and citizen developers regarding priorities, timelines, development methodologies, and oversight, often leading to friction.
- Successful adoption requires organizations to strategically manage citizen development by identifying and supporting 'problem solvers' within the business, providing resources, and establishing clear guidelines rather than overly policing them.
- While no-code tools are crucial for agility in early-stage innovation, scaling these applications requires the architectural expertise of a formal IT department to ensure reliability and performance.

This paper presents a case study on how the automotive manufacturer Audi successfully scaled an artificial intelligence (AI) solution for quality inspection in its manufacturing press shops. It analyzes Audi's four-year journey, from initial exploration to multi-site deployment, to identify key strategies and challenges. The study provides actionable recommendations for senior leaders aiming to capture business value by scaling AI innovations.

Problem Many organizations struggle to move their AI initiatives from the pilot phase to full-scale operational use, failing to realize the technology's full economic potential. This is a particular challenge in manufacturing, where integrating AI with legacy systems and processes presents significant barriers. This study addresses how a company can overcome these challenges to successfully scale an AI solution and unlock long-term business value.

Outcome - Audi successfully scaled an AI-based system to automate the detection of cracks in sheet metal parts, a crucial quality control step in its press shops.
- The success was driven by a strategic four-stage approach: Exploring, Developing, Implementing, and Scaling, with a focus on designing for scalability from the outset.
- Key success factors included creating a single, universal AI model for multiple deployments, leveraging data from various sources to improve the model, and integrating the solution into the broader Volkswagen Group's digital production platform to create synergies.
- The study highlights the importance of decoupling value from cost, which Audi achieved by automating monitoring and deployment pipelines, thereby scaling operations without proportionally increasing expenses.
- Recommendations for other businesses include making AI scaling a strategic priority, fostering collaboration between AI experts and domain specialists, and streamlining operations through automation and robust governance.

This study investigates how abstract AI ethics principles can be translated into concrete actions during technology implementation. Through a longitudinal case study at a German energy service provider, the authors observed the large-scale rollout of Robotic Process Automation (RPA) over 30 months. The research provides actionable recommendations for leaders to navigate the ethical challenges and employee concerns that arise from AI-driven automation.

Problem Organizations implementing AI to automate processes often face uncertainty, fear, and resistance from employees. While high-level AI ethics principles exist to provide guidance, business leaders struggle to apply these abstract concepts in practice. This creates a significant gap between knowing *what* ethical goals to aim for and knowing *how* to achieve them during a real-world technology deployment.

Outcome - Define clear roles for implementing and supervising AI systems, and ensure senior leaders accept overall responsibility for any negative consequences.
- Strive for a fair distribution of AI's benefits and costs among all employees, addressing tensions in a diverse workforce.
- Increase transparency by making the AI's work visible (e.g., allowing employees to observe a bot at a dedicated workstation) to turn fear into curiosity.
- Enable open communication among trusted peers, creating a 'safe space' for employees to discuss concerns without feeling judged.
- Help employees cope with fears by involving them in the implementation process and avoiding the overwhelming removal of all routine tasks at once.
- Involve employee representation bodies and data protection officers from the beginning of a new AI initiative to proactively address privacy and labor concerns.

This study analyzes the low-code/no-code adoption journeys of 24 different companies to understand the challenges and best practices of citizen development. Drawing on these insights, the paper proposes a seven-step strategic framework designed to guide organizations in effectively implementing and managing these powerful tools. The framework helps structure critical design choices to empower employees with little or no IT background to create digital solutions.

Problem There is a significant gap between the high demand for digital solutions and the limited availability of professional software developers, which constrains business innovation and problem-solving. While low-code/no-code platforms enable non-technical employees (citizen developers) to build applications, organizations often lack a coherent strategy for their adoption. This leads to inefficiencies, security risks, compliance issues, and wasted investments.

Outcome - The study introduces a seven-step framework for creating a citizen development strategy: Coordinate Architecture, Launch a Development Hub, Establish Rules, Form the Workforce, Orchestrate Liaison Actions, Track Successes, and Iterate the Strategy.
- Successful implementation requires a balance between centralized governance and individual developer autonomy, using 'guardrails' rather than rigid restrictions.
- Key activities for scaling the strategy include the '5E Cycle': Evangelize, Enable, Educate, Encourage, and Embed citizen development within the organization's culture.
- Recommendations include automating governance tasks, promoting business-led development initiatives, and encouraging the use of these tools by IT professionals to foster a collaborative relationship between business and IT units.

This study investigates the adoption of a low-code conversational Artificial Intelligence (AI) platform within four multinational corporations. Through a case study approach, the research identifies significant challenges that arise from fundamental, yet incorrect, assumptions about low-code technologies. The paper offers recommendations for companies to better navigate the implementation process and unlock the full potential of these platforms.

Problem As businesses increasingly turn to AI for process automation, they often encounter significant hurdles during adoption. Low-code AI platforms are marketed as a solution to simplify this process, but there is limited research on their real-world application. This study addresses the gap by showing how companies' false assumptions about the ease of use, adaptability, and integration of these platforms can limit their effectiveness and return on investment.

Outcome - The usability of low-code AI platforms is often overestimated; non-technical employees typically face a much steeper learning curve than anticipated and still require a foundational level of coding and AI knowledge.
- Adapting low-code AI applications to specific, complex business contexts is challenging and time-consuming, contrary to the assumption of easy tailoring. It often requires significant investment in standardizing existing business processes first.
- Integrating low-code platforms with existing legacy systems and databases is not a simple 'plug-and-play' process. Companies face significant challenges due to incompatible data formats, varied interfaces, and a lack of a comprehensive data strategy.
- Successful implementation requires cross-functional collaboration between IT and business teams, thorough platform testing before procurement, and a strategic approach to reengineering business processes to align with AI capabilities.

This study explores how employees at a warehouse in Hong Kong utilize low-code/no-code principles with everyday tools like Microsoft Excel to create unofficial solutions. It examines these noncompliant but essential workarounds that compensate for the shortcomings of their mandated corporate software system. The research is based on a qualitative case study involving interviews with warehouse staff.

Problem A global company implemented a standardized, non-customizable corporate system (Microsoft Dynamics) that was ill-suited for the unique logistical needs of its Hong Kong operations. This created significant operational gaps, particularly in delivery scheduling, leaving employees unable to perform critical tasks using the official software.

Outcome - Employees effectively use Microsoft Excel as a low-code tool to create essential, noncompliant workarounds that are vital for daily operations, such as delivery management.
- These employee-driven solutions, developed without formal low-code platforms or IT approval, become institutionalized and crucial for business success, highlighting the value of 'shadow IT'.
- The study argues that low-code/no-code development is not limited to formal platforms and that managers should recognize, support, and govern these informal solutions.
- Businesses are advised to adopt a portfolio approach to low-code development, leveraging tools like Excel alongside formal platforms, to empower employees and solve real-world operational problems.

This study investigates how companies can effectively manage 'citizen development'—where employees with minimal technical skills use low-code platforms to build applications. Drawing on 30 interviews with citizen developers and platform experts across two firms, the research provides a practical governance framework to address the unique challenges of this approach.

Problem Companies face a significant shortage of skilled software developers, leading them to adopt low-code platforms that empower non-IT employees to create applications. However, this trend introduces serious risks, such as poor software quality, unmonitored development ('shadow IT'), and long-term maintenance burdens ('technical debt'), which organizations are often unprepared to manage.

Outcome - Citizen development introduces three primary risks: substandard software quality, shadow IT, and technical debt.
- Effective governance requires a more nuanced understanding of roles, distinguishing between 'traditional citizen developers' and 'low-code champions,' and three types of technical experts who support them.
- The study proposes three core sets of recommendations for governance: 1) strategically manage project scope and complexity, 2) organize effective collaboration through knowledge bases and proper tools, and 3) implement targeted education and training programs.
- Without strong governance, the benefits of rapid, decentralized development are quickly outweighed by escalating risks and costs.

This case study investigates how GuideCom, a medium-sized German software provider, utilized the Cognigy.AI low-code platform to create an AI-based smart assistant. The research follows the company's entire development process to identify the key ways in which low-code platforms enable and constrain AI development. The study illustrates the strategic trade-offs companies face when adopting this approach.

Problem Small and medium-sized enterprises (SMEs) often lack the extensive resources and specialized expertise required for in-house AI development, while off-the-shelf solutions can be too rigid. Low-code platforms are presented as a solution to democratize AI, but there is a lack of understanding regarding their real-world impact. This study addresses the gap by examining the practical enablers and constraints that firms encounter when using these platforms for AI product development.

Outcome - Low-code platforms enable AI development by reducing complexity through visual interfaces, facilitating cross-functional collaboration between IT and business experts, and preserving resources.
- Key constraints of using low-code AI platforms include challenges with architectural integration into existing systems, ensuring the product is expandable for different clients and use cases, and managing security and data privacy concerns.
- Contrary to the 'no-code' implication, existing software development skills are still critical for customizing solutions, re-engineering code, and overcoming platform limitations, especially during testing and implementation.
- Establishing a strong knowledge network with the platform provider (for technical support) and innovation partners like clients (for domain expertise and data) is a crucial factor for success.
- The decision to use a low-code platform is a strategic trade-off; it significantly lowers the barrier to entry for AI innovation but requires careful management of platform dependencies and inherent constraints.

This study investigates how the effects of new technology, specifically body-worn cameras (BWCs), unfold within organizations over time. Using a multi-site case study of three U.S. police departments, the research develops a process model to explain how the consequences of IT implementation emerge. The study identifies three key phases in this process: individuation (selecting the technology and related policies), composition (combining the technology with users), and actualization (using the technology in real-world interactions).

Problem When organizations implement new technology, the results are often unpredictable, with outcomes varying widely between different settings. Existing research has not fully explained why a technology can be successful in one organization but fail in another. This study addresses the gap in understanding how the consequences of a new technology, like police body-worn cameras, actually develop and evolve into established organizational practices.

Outcome - The process through which technology creates new behaviors and practices is complex and non-linear, occurring in three distinct phases (individuation, composition, and actualization).
- Successful implementation is not guaranteed; it depends on the careful alignment of the technology itself (material components) with policies, training, and user adoption (expressive components) at each stage.
- The study found that of the three police departments, only one successfully implemented body cameras because it carefully selected high-quality equipment, developed specific policies for its use, and ensured officers were trained and held accountable.
- The other two departments experienced failure or delays due to poor quality equipment, generic policies, and inconsistent use, which prevented new, positive practices from taking hold.
- The model shows that outcomes emerge over time and may require continuous adjustments, demonstrating that success is an ongoing process, not a one-time event.

This study details the development of a smart activity monitoring system designed to help elderly individuals live independently at home. Using a three-year action design research approach, it deployed a sensor-based system in a community setting to understand how to best support community first responders—such as neighbors and volunteers—who lack professional healthcare training.

Problem As the global population ages, more elderly individuals wish to remain in their own homes, but this raises safety concerns like falls or medical emergencies going unnoticed. This study addresses the specific challenge of designing monitoring systems that provide remote, non-professional first responders with the right information (situational awareness) to accurately assess an emergency alert and respond effectively.

Outcome - Technology adaptation alone is insufficient; the system design must also encourage the elderly person to adapt their behavior, such as carrying a beacon when leaving home, to ensure data accuracy.
- Instead of relying on simple automated alerts, the system should provide responders with contextual information, like usual sleep times or last known activity, to support human-based assessment and reduce false alarms.
- To support teams of responders, the system must integrate communication channels, allowing all actions and updates related to an alert to be logged in a single, closed-loop thread for better coordination.
- Long-term activity data can be used for proactive care, helping identify subtle changes in behavior (e.g., deteriorating mobility) that may signal future health risks before an acute emergency occurs.

This study proposes a robust framework, based on systems theory, for maintaining meaningful human control over complex human-AI systems. The framework emphasizes the importance of continual human learning to parallel advancements in machine learning, operating through two distinct modes: a stable mode for efficient operation and an adaptive mode for learning. The authors demonstrate this concept with a method called reciprocal human-machine learning applied to a critical text classification system.

Problem Traditional methods for control and oversight are insufficient for the complexity of modern AI technologies, creating a gap in ensuring that critical AI systems remain aligned with human values and goals. As AI becomes more autonomous and operates in volatile environments, there is an urgent need for a new approach to design systems that allow humans to effectively stay in control and adapt to changing circumstances.

Outcome - The study introduces a framework for human control over AI that operates at multiple levels and in two modes: stable and adaptive.
- Effective control requires continual human learning to match the pace of machine learning, ensuring humans can stay 'in the loop' and 'in control'.
- A method called 'reciprocal human-machine learning' is presented, where humans and AI learn from each other's feedback in an adaptive mode.
- This approach results in high-performance AI systems that are unbiased and aligned with human values.
- The framework provides a model for designing control in critical AI systems that operate in dynamic environments.

This study explores how to improve cybersecurity by focusing on the human element. Based on interviews with C-level executives and prior experimental research, the paper proposes a strategy for communicating cyber threats that balances making employees aware of the dangers (fear) with building their confidence (efficacy) to handle those threats effectively.

Problem Despite advanced security technology, costly data breaches continue to rise because human error remains the weakest link. Traditional cybersecurity training and policies have proven ineffective, indicating a need for a new strategic approach to manage human risk.

Outcome - Human behavior is the primary vulnerability in cybersecurity, and conventional training programs are often insufficient to address this risk.
- Managers must strike a careful balance in their security communications: instilling a healthy awareness of threats ('survival fear') without causing excessive panic or anxiety, which can be counterproductive.
- Building employees' confidence ('efficacy') in their ability to identify and respond to threats is just as crucial as making them aware of the dangers.
- Effective tools for changing behavior include interactive methods like phishing simulations that provide immediate feedback, gamification, and fostering a culture where security is a shared responsibility.
- The most effective approach is to empower users by providing them with clear, simple tools and the knowledge to act, rather than simply punishing mistakes or overwhelming them with fear.

This study develops design principles for Virtual Learning Companions (VLCs), which are AI-powered chatbots designed to help students with motivation and time management. Using a design science research approach, the authors conducted interviews, workshops, and built and tested several prototypes with students. The research aims to create a framework for designing VLCs that not only provide functional support but also build a supportive, companion-like relationship with the learner.

Problem Working students in higher education often struggle to balance their studies with their jobs, leading to challenges with motivation and time management. While conversational AI like ChatGPT is becoming common, these tools often lack the element of companionship and a holistic approach to learning support. This research addresses the gap in how to design AI learning tools that effectively integrate motivation, time management, and relationship-building from a user-value-centered perspective.

Outcome - The study produced a comprehensive framework for designing Virtual Learning Companions (VLCs), resulting in 9 design principles, 28 meta-requirements, and 33 design features.
- The findings are structured around a “value-in-interaction” model, which proposes that a VLC's value is created across three interconnected layers: the Relationship Layer, the Matching Layer, and the Service Layer.
- Key design principles include creating a human-like and adaptive companion, enabling proactive and reactive behavior, building a trustworthy relationship, providing supportive content, and fostering a motivational and ethical learning environment.
- Evaluation of a coded prototype revealed that different student groups have different preferences, emphasizing that VLCs must be adaptable to their specific educational context and user needs to be effective.

This paper presents an in-depth case study of how the automotive manufacturer Audi successfully scaled an artificial intelligence (AI) solution for quality control in its manufacturing plants. The study outlines Audi's four-year journey to develop and deploy an AI system that automatically detects cracks in sheet metal parts. Based on this real-world example, the paper provides actionable recommendations for business leaders seeking to implement AI at scale.

Problem While artificial intelligence offers significant potential to create business value, many companies struggle to move AI projects beyond the pilot or proof-of-concept stage. This failure to scale AI innovations, particularly in complex industrial environments like manufacturing, represents a major barrier to realizing a return on investment. This study addresses the gap between AI's potential and the practical challenges of widespread, value-driven implementation.

Outcome - Audi successfully developed and scaled an AI-based visual inspection system across multiple press shops, significantly improving quality control for sheet metal parts.
- The success was built on a structured four-stage journey: exploring the initial idea, developing a scalable solution, implementing it within the existing IT infrastructure, and finally scaling it across multiple sites.
- A key strategy was to design the system for scalability from the outset by creating a single, universal AI model that could be deployed in various contexts, leveraging data from all locations to continuously improve performance.
- The study offers a roadmap for executives, recommending that AI scaling be treated as a strategic priority, that interdisciplinary collaboration is fostered, and that AI operations are streamlined through automation and robust governance.

This study examines how various actors, including legal experts, government officials, and industry leaders, collaborated to create laws for new technologies like blockchain. Through a case study in Liechtenstein, it analyzes the process of developing a law on "trustworthy technology," focusing on how the participants collectively made sense of a complex and evolving subject to construct a new regulatory framework.

Problem Governments face a significant challenge in regulating emerging digital technologies. They must create rules that prevent harmful effects and protect users without stifling innovation. This is particularly difficult when the full potential and risks of a new technology are not yet clear, creating regulatory gaps and uncertainty for businesses.

Outcome - Creating effective regulation for new technologies is a process of 'collective prospective sensemaking,' where diverse stakeholders build a shared understanding over time.
- This process relies on two interrelated activities: 'abstraction' and 'elaboration'. Abstraction involves generalizing the essential properties of a technology to create flexible, technology-neutral rules that encourage innovation.
- Elaboration involves specifying details and requirements to provide legal certainty and protect users.
- Through this process, the regulatory target can evolve significantly, as seen in the case study's shift from regulating 'blockchain/cryptocurrency' to a broader, more durable law for the 'token economy' and 'trustworthy technology'.