This study examines the cybersecurity responses by organizations to threats. Based on the notions of exploration and exploitation, this study developed a 2 × 2 matrix to characterize organizational actions as Surviving, Investigating, Reinforcing, and Balancing. Using textual data gathered from the annual 10-K reports of 87 organizations, this study mapped the explorative and exploitative behaviors of organizations and characterized the cybersecurity responses with the 2 × 2 matrix. This study also identified the changes in cybersecurity responses over multiple time periods, and the patterns of shifts between the quadrants in the 2 × 2 matrix as organizations adapted their cybersecurity responses over time. Several implications for research and practice are discussed