An Analysis of Executive Managers Acceptance of Cyber Security Risk Management – A Systematic Review
Paper Type
Complete
Abstract
Information security is vital for safeguarding critical assets and services from cyber threats, but it incurs significant organizational costs and technological reliance, raising questions about its value and necessity. Security is not merely a technical issue but a strategic one requiring executive managers' involvement. This study examines how executive management's participation in information security risk management (ISRM) affects organizational security. A systematic literature review of 69 articles identifies the aspects and impacts of executive managers' (EM) involvement in cybersecurity risk management (CRM). Findings indicate that EM involvement is crucial for corporate strategy and business success, enhancing security, visibility and accountability at higher levels. EMs play a key role in protecting critical assets, aligning security strategy with business goals, and fostering a culture of awareness and responsibility. The paper proposes a best practice framework for maintaining EM involvement in CRM, aligning cybersecurity strategy with organizational goals while balancing costs and benefits.
Paper Number
1854
Recommended Citation
Becklines, Lordt and El-Gayar, Omar, "An Analysis of Executive Managers Acceptance of Cyber Security Risk Management – A Systematic Review" (2025). AMCIS 2025 Proceedings. 15.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/15
Comments
SIGSEC