Guardians at the Gate: The Influence of Senior Management on Cybersecurity Culture and Awareness Training : A Qualitative Multiple Case Study

Abstract:  Background: Organisations are left vulnerable and susceptible to cyber-attacks due to the digitisation of information and dependency on information and communication technologies. As a result, the critical need for organisations to hinder, protect and preserve their cyberspace from multiple threats is emphasised. Due to human error being accountable for most electronic data breaches, a resilient cybersecurity culture is desired.  To minimise cybersecurity threats, a human-inclusive strategy must be implemented in the culture and the inclusion and engagement of strong leadership within senior management.   Purpose: The purpose of this study is to explore senior management’s role in cybersecurity culture and particularly, its influence on awareness training.   Method: The research is based on an interpretivist paradigm and adheres to abductive reasoning. Through the usage of semi-structured interviews and the utilisation of non-probability sampling, qualitative data was produced, and a multiple case study was conducted.   Conclusion: Senior management influences the practical implications in the organisation, such as training, as well as the assumptions and beliefs of its employees. Senior management influences the engagement, involvement, and responsibility of protecting and safeguarding the organisation's assets, and how this is reciprocated to the whole organisation. Furthermore, senior management addresses and manages the priority of cybersecurity in the organisation. Thus, employee behaviour and attitude are greatly impacted by senior management engagement and presence, showcasing a positive correlation between senior management influence and employee behaviour and beliefs.