Implications of Organizational Governance on Cybersecurity Management: A Qualitative Study in Higher Education

Today’s digital organizations recognize the imperative of adopting a strategic approach to cybersecurity, acknowledging that managerial and behavioral processes, alongside technical measures, play a crucial role in ensuring organizational cybersecurity. Despite this understanding, the existing literature lacks clarity on the relationship between organizational governance and cybersecurity. Practical guidance is also limited on how different mechanisms of governance—structural, formal, and relational—can be leveraged to enhance an organization’s cybersecurity posture considering its overall governance model. To address this gap, we conducted interviews with 12 employees from a higher education institution. Our findings suggest a robust connection between organizational governance and cybersecurity management, revealing that cybersecurity strategy and behavior are influenced by the governance choices made within an organization. Our results highlight the significance of relational governance in a setting where it is challenging to impose rules and regulations due to the independence of organizational units and the autonomy of employees.

Cybersecurity, Governance, Higher Education, Qualitative Study 

Conference (external link, opens in new window)