Abstract

As the frequency and sophistication of cyber threats continue to escalate, cybersecurity has evolved from a technical concern to a central pillar of strategic enterprise governance. This TREO Talk presents the findings of a rigorous systematic literature review (SLR) encompassing 69 scholarly publications selected using the PRISMA 2020 framework. The study investigates how executive managers (EMs) influence the success of cybersecurity risk management (CRM) programs and frames their participation as both a requirement and a competitive advantage. Despite global investment in security infrastructure, many organizations remain vulnerable to breaches, largely due to the absence of sustained executive leadership in CRM. This research exposes a persistent gap between technical risk solutions and the strategic insight required at the executive level to integrate these solutions across business functions. Drawing from multidisciplinary sources, this work identifies that EMs who actively shape and lead CRM policies achieve superior outcomes in resilience, compliance, stakeholder trust, and organizational agility. The study introduces the 'Action and Remediation Zone Framework'—a novel conceptual model that delineates two interconnected zones of executive involvement: (1) the Action Zone, encompassing proactive functions such as risk appetite definition, cybersecurity budgeting, strategy alignment, and enterprise-wide awareness cultivation; and (2) the Regeneration Zone, focusing on post-incident leadership roles including crisis communication, accountability, trust rebuilding, and systemic improvement. The framework synthesizes the best practices from ISO/IEC 27001, COBIT, and the NIST Cybersecurity Framework, reframing them to center executive agency in CRM decision-making. This TREO Talk will showcase how EMs can influence technical decisions through strategic foresight and governance alignment, reinforcing that their presence is indispensable at every critical juncture—from setting organizational tone to navigating breach recovery. It will also demonstrate that cybersecurity success depends not only on tools and technologies but on visionary leadership that treats CRM as a shared, cultural priority. Furthermore, the session will engage the IS community in discussing future research directions, including empirical validation of the proposed framework, metrics for assessing executive involvement, and longitudinal studies exploring CRM maturity across sectors. By placing EMs at the heart of CRM, this work lays a foundation for redefining cybersecurity leadership in the age of digital transformation and persistent threats. Attendees will gain both theoretical frameworks and actionable insights to influence policy, shape organizational culture, and architect resilient security strategies from the top down.

Comments

tpp1292

Download

Share

COinS