Research pick: Cyber security readiness - "An empirical investigation into organisation cyber security readiness from the IT employee and manager perspectives"

In a world grappling with escalating cyber threats, research in the journal Electronic Government sheds light on the essential elements for enhancing cyber security readiness. As governments, the private sector, and individuals confront this growing menace, this work looks at five critical factors affecting how well an organization manages its cyber security readiness: employee expertise, awareness, organizational investment, compliance with standards, and risk assessment.

Zainab AlMeraj, Ali K. Alenezi, and Paul D. Manuel of the Information Science Department at Kuwait University in Al-Shadadiya, Kuwait, offer several important points for organisations to consider. Foremost is the importance of expertise within the organisation, compliance with standards, and risk assessment. Failures within any of these areas will inevitably compromise the organisation’s readiness when it comes to cyber security. These insights underscore the need for any organization to prioritize building expertise and awareness into its workforce, adhering to established cyber security standards, and consistently evaluating risks to maintain their cyber security at a sufficiently high level.

The study also reveals an inevitable correlation between expertise and investment. Organizations that make prudent investments in cyber security measures tend to have a workforce with greater prowess in the domain of digital defence, those that don’t tend to be more vulnerable to cyber attack. Even awareness, if not actual expertise is closely linked with investment, if the requisite training, conferences, workshops, and effective communication are in place, then the organisation’s defences will be stronger as those staff outside the IT department and the non-cyber experts can gain the requisite knowledge to understand what threats the organisation might face, how to deal with them or who to turn to for expert advice within the organisation if they cannot manage a given threat themselves. All of those, in turn, improves compliance with cyber security standards, which means stronger defences.

The findings have implications for corporate entities, national authorities, and individuals seeking to improve their cyber security readiness. Organizations and individuals alike must commit resources to cyber security measures and garner expertise.

A proactive approach is crucial to security. After all, bolting the stable door after the horse has bolted is not best practice in equine management. Securing the digital landscape, safeguarding governments, businesses, and individuals means ensuring everyone knows to ensure those doors are bolted, to not let third parties access the stables and to rein in errant behaviour within and external to the organisation.

AlMeraj, Z., Alenezi, A.K. and Manuel, P.D. (2023) ‘An empirical investigation into organisation cyber security readiness from the IT employee and manager perspectives’, Electronic Government, Vol. 19, No. 5, pp.539–559.