Leadership commitment: a key factor in implementation of event-based cybersecurity risk assessment

Wan Mohamad, Wan Azlena and Abd Rahim, Noor Hayani and Abdul Molok, Nurul Nuha (2025) Leadership commitment: a key factor in implementation of event-based cybersecurity risk assessment. Malaysian Journal of Social Sciences and Humanities (MJSSH), 10 (4). pp. 1-17. E-ISSN 2504-8562

Preview

PDF - Published Version Download (5MB) | Preview

Abstract

Implementing event-based cybersecurity risk assessment offers organisations a proactive approach to managing cyber threats in real-time. Unlike the asset-based approach, the event-based approach focuses on identifying and analysing potential cyber-attacks or events, rather than relying on static asset inventories. However, successful cybersecurity implementation relies not only on technical expertise but also on managerial expertise, such as strong leadership commitment. Leadership plays an important role in prioritising cybersecurity initiatives. It secures the necessary resources and ensures strategic integration into the organisation’s overall risk management framework. Despite its importance, limited research explores the impact of leadership commitment on implementing event-based cybersecurity risk assessment in organisations. This study uses a qualitative research approach to address this gap through semi-structured interviews with ten cybersecurity experts across multiple public sector organisations in Malaysia. Thematic analysis revealed three key leadership factors: (i) top management buy-in, which embeds cybersecurity into organisational priorities; (ii) resource allocation, which ensures adequate funding and support; and (iii) leadership advocacy, which maintains cybersecurity as a strategic agenda. These findings highlight that without strong leadership support, organisations may struggle to successfully implement event-based cybersecurity risk assessment. This study contributes to cybersecurity governance research by highlighting the critical role of leadership in adopting event-based cybersecurity risk assessment. It highlights the need for strategic leadership engagement in shaping cybersecurity policy, allocating resources and fostering a cyber risk-aware culture. The findings also provide practical insights for policymakers, cybersecurity professionals and organisational leaders in developing risk management frameworks to strengthen cybersecurity resilience

Item Type:	Article (Journal)
Uncontrolled Keywords:	Leadership commitment, Cybersecurity risk assessment, Event-based approach
Subjects:	T Technology > T Technology (General) > T55.4 Industrial engineering.Management engineering. > T58.5 Information technology
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button):	Kulliyyah of Information and Communication Technology > Department of Information System Kulliyyah of Information and Communication Technology > Department of Information System
Depositing User:	Dr. Noor Hayani Abd Rahim
Date Deposited:	30 Apr 2025 16:14
Last Modified:	30 Apr 2025 16:14
URI:	http://irep.iium.edu.my/id/eprint/120819

Actions (login required)

View Item