Paper Type
ERF
Abstract
The Chief Information Security Officer (CISO) is increasingly recognized as a strategic leader, yet limited empirical evidence links specific CISO governance design choices and CISO human capital to organizational Incident Response Capability (IRC). Bridging cybersecurity governance and incident response research streams, we examine how CISO reporting independence and CISO capability relate to enterprise-wide IRC and whether reporting independence conditions the translation of CISO capability into stronger IRC. Using an LLM-assisted extraction pipeline, we build firm-year indicators from SEC 10‑K Item 1C cybersecurity disclosures for CISO reporting structure, CISO capability, and organizational IRC, and link these constructs to observed post-breach outcomes. Theoretically, this research investigates whether reporting independence conditions the translation of CISO expertise into stronger organizational IRC. Practically, our findings will offer boards evidence on how to optimally position the CISO role to build the incident response capabilities necessary to support operational cyber resilience.
Paper Number
1316
Recommended Citation
Varghese, Biju and Bui, Quang "Neo", "From Oversight to Resilience: How CISO Governance Design and Human Capital Shape Organizational Incident Response Capability" (2026). AMCIS 2026 Proceedings. 5.
https://aisel.aisnet.org/amcis2026/sig_sec/sig_sec/5
From Oversight to Resilience: How CISO Governance Design and Human Capital Shape Organizational Incident Response Capability
Comments
SIG SEC