The article engages with the recent studies on multilevel regulation. The starting point for the argument is that contemporary multilevel regulation—as most other studies of (postnational) rulemaking—is limited in its analysis. The limitation concerns its monocentric approach that, in turn, deepens the social illegitimacy of contemporary multilevel regulation. The monocentric approach means that the study of multilevel regulation originates in the discussions on the foundation of modern States instead of returning to the origins of rules before the nation State was even created, which is where the actual social capital underlying (contemporary) rules can be found, or so I wish to argue. My aim in this article is to reframe the debate. I argue that we have an enormous reservoir of history, practices, and ideas ready to help us think through contemporary (social) legitimacy problems in multilevel regulation: namely all those practices which preceded the capture of law by the modern State system, such as historical alternative dispute resolution (ADR) practices.
The SDGs provide an important framework for businesses to address sustainable development and grand challenges (Kolk, Kourula and Pisani, 2017; Montiel et al, 2021) and SMEs, as major contributors to economic and entrepreneurial activity, are key actors in achieving national SDG targets (Sonntag et al, 2022). This study addresses the gap in the literature on SMEs and SDG action and draws on the attention-based view that emphasizes bounded managerial cognition processes and attention patterns that affect firm behavior and attention to issues and opportunities (Joseph and Wilson, 2018; Ocasio, 1997, 2011; Sullivan, 2010). Focusing specifically on attentional structure and coherence, we argue that structural mechanisms facilitate SDG integration in organizational strategy and that the relationship is influenced by attentional coherence, the degree to which attentional perspective of managers (top-down) and attentional engagement of employees (bottom-up) is aligned. Using data from the 2022 Dutch SDG Barometer (van den Berg et al, 2023), we empirically test hypotheses on a sample of 172 Dutch SMEs. The findings show a positive and significant effect on SDG strategic integration from communication and collaborative mechanisms that involve external stakeholders. However, our findings indicate that attentional coherence is not significant in influencing this relationship. We discuss the implications of our findings for academics, policymakers and practitioners.
In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
