Paper Type

Short

Paper Number

PACIS2026-1680

Description

An overlooked aspect of cybersecurity regulation is how supervisory partnerships between regulators and regulated entities can enable cybersecurity uplift. While research confirms that mandated regulation improves security performance and is critical, this approach can also foster a checkbox mentality and does not necessarily result in enhanced security outcomes. Drawing on stakeholder theory, ethics of care, and information security governance, this study proposes a conceptual process model for supervisory partnerships that emphasises shared responsibility, transparency, and accountability. The model maps specific activities across diverse stakeholders, from policymakers to service recipients, establishing balanced partnerships beyond traditional top-down approaches. The model reconceptualises cybersecurity supervision as regulator-driven yet collaborative, fostering shared responsibility and incorporating typically overlooked participants. This research offers both theoretical contribution through novel theoretical integration and practical value by responding to systemic regulatory challenges with national security implications. Future work will empirically validate this model through comparative case studies.

Comments

08-Security

Share

COinS
 
Jul 5th, 12:00 AM

Enabling Cybersecurity Uplift Through Supervisory Partnerships

An overlooked aspect of cybersecurity regulation is how supervisory partnerships between regulators and regulated entities can enable cybersecurity uplift. While research confirms that mandated regulation improves security performance and is critical, this approach can also foster a checkbox mentality and does not necessarily result in enhanced security outcomes. Drawing on stakeholder theory, ethics of care, and information security governance, this study proposes a conceptual process model for supervisory partnerships that emphasises shared responsibility, transparency, and accountability. The model maps specific activities across diverse stakeholders, from policymakers to service recipients, establishing balanced partnerships beyond traditional top-down approaches. The model reconceptualises cybersecurity supervision as regulator-driven yet collaborative, fostering shared responsibility and incorporating typically overlooked participants. This research offers both theoretical contribution through novel theoretical integration and practical value by responding to systemic regulatory challenges with national security implications. Future work will empirically validate this model through comparative case studies.