Abstract/Summary

This thesis encompasses a qualitative study which explores the niche field at the confluence of cybersecurity, governing bodies, and corporate strategy. It uses data from 31 in-depth elite interviews with board members and the chief executive team to investigate the way governance of cybersecurity in an organisation can potentially lead to opportunities, including competitive advantage. The thematic analysis has been crucial to unearth findings which contribute to the ever-growing body of knowledge, which is particularly challenging owing to the constantly evolving domain of technology and cybersecurity, as well as the highly private and concealed inner world of boardrooms. In the 4.0 economy characterised by modern technologies, within the scope of an increasingly cyber-vulnerable virtual realm, further exposed in the wake of the Covid-19 pandemic, this study offers useful insights. The findings highlight the ability of robust cybersecurity practices to enable an organisation to derive opportunities over their competitors. These findings underscore the involvement of governing bodies in the strategic decision-making for cybersecurity, instead of an operational involvement of the IT department to enable robust cybersecurity. The former enables an organisation to achieve advantages over its competitors, as opposed to the latter perspective of several organisations which renders them vulnerable to long-term reputational, financial, and legal damage and/or demise. Finally, this study urges governing boards, in tandem with their executive teams, to prioritise cybersecurity on their strategic agenda, not only to avoid potential damage but also to exploit opportunities. It contributes to the debate between an operational and strategic perspective to organisational cybersecurity by underscoring the advantages of the strategic stance. The above findings add value to literature which expands the existing discussion of potential sources of competitive advantage to incorporate cybersecurity-led competitive advantages. Simultaneously, reiterating the importance to the practitioner community by highlighting the real-world impact of robust cybersecurity, which is governed strategically, enabling the organisation to derive advantages from it. These findings contribute to the extant literature and field of praxis for this dynamic and fascinating domain.