BUILDING EFFECTIVE CYBERSECURITY LEADERSHIP: THE CRUCIAL ROLE OF LEADERS IN PROTECTING BUSINESSES AGAINST CYBER THREATS

Yıl 2025, Cilt: 5 Sayı: 1, 33 - 49

Cenk Aksoy

https://doi.org/10.56682/ksydergi.1539408

Öz

Today’s rapid progression in digital transformation brings new and significant security risks for businesses. Cybersecurity attacks disrupt business activities and cause significant costs, reputation damage, and customer losses. While these attacks are progressing at alarming levels, businesses focus only on the technical aspects of cybersecurity, ignoring the human factor, which is the weakest link in cybersecurity. Managers who are not aware that the most critical cybersecurity responsibility is related to managing individuals face significant challenges in the work environment. In overcoming all these difficulties, the most crucial role falls to the leaders. In addition to operational activities related to cybersecurity, leaders need to raise awareness among employees and create an effective strategy. In this context, where cybersecurity management and leadership activities intersect, cybersecurity leadership emerges as a current concept defined as directing cybersecurity activities in the most general sense. The aim of this study is to create the conceptual framework of cybersecurity leadership, examine its features, critical roles in businesses, and the factors that affect the success of such leadership. The methodology of the study focuses on a literature review that examines cybersecurity leadership, its characteristics, and its critical roles in businesses. In the literature review, several knowledge, skills, and abilities that cybersecurity leadership should have were explained, and it was concluded that strong leadership depends on an effective communication and training strategy that will increase cybersecurity awareness of employees by focusing on the human aspects as well as the technical aspects of cybersecurity.

Anahtar Kelimeler

Digital Transformation, Cyber Security, Cyber Security Leadership

ETKİLİ SİBER GÜVENLİK LİDERLİĞİ OLUŞUMU: İŞLETMELERİ SİBER TEHDİTLERE KARŞI KORUMADA LİDERLERİN KRİTİK ROLÜ

Öz

Günümüzde dijital dönüşümün hızlı ilerlemesi, işletmeler için yeni ve önemli güvenlik riskleri getirmektedir. Siber güvenlik saldırıları, iş faaliyetlerini kesintiye uğratmakta ve önemli maliyetler, itibar kaybı ve müşteri kayıplarına yol açmaktadır. Bu saldırılar endişe verici bir hızla artarken, işletmeler siber güvenliğin sadece teknik yönlerine odaklanmakta ve siber güvenliğin en zayıf halkası olan insan faktörünü göz ardı etmektedir. Siber güvenlikteki en kritik sorumluluğun bireylerin yönetimiyle ilgili olduğunu fark etmeyen yöneticiler, iş ortamında önemli zorluklarla karşılaşmaktadır. Tüm bu zorlukların üstesinden gelmekte en önemli rol liderlere düşmektedir. Siber güvenlikle ilgili operasyonel faaliyetlerin yanı sıra, liderler çalışanlar arasında farkındalık yaratmalı ve etkili bir strateji oluşturmalıdır. Bu bağlamda, siber güvenlik yönetimi ve liderlik faaliyetlerinin kesiştiği noktada, siber güvenlik liderliği en genel anlamda siber güvenlik faaliyetlerini yönlendirme olarak tanımlanan güncel bir kavram olarak ortaya çıkmaktadır. Bu çalışmanın amacı, siber güvenlik liderliğinin kavramsal çerçevesini oluşturmak, özelliklerini, işletmelerdeki kritik rollerini ve bu tür liderliğin başarısını etkileyen faktörleri incelemektir. Çalışmanın metodolojisi, siber güvenlik liderliğini, özelliklerini ve işletmelerdeki kritik rollerini inceleyen bir literatür taramasına odaklanmaktadır. Literatür taramasında, siber güvenlik liderliğinin sahip olması gereken çeşitli bilgi, beceri ve yetenekler açıklanmış ve güçlü liderliğin, çalışanların insan ve teknik yönlere odaklanarak siber güvenlik farkındalığını artıracak etkili bir iletişim ve eğitim stratejisine bağlı olduğu sonucuna varılmıştır.

Anahtar Kelimeler

Dijital Dönüşüm, Siber Güvenlik, Siber Güvenlik Liderliği

Kaynakça

• Barnes, A., & Green, S. (2020). Communication skills for cybersecurity professionals. Journal of Cybersecurity, 6(2), 1-15.
• Biener, C., Eling, M., & Wirfs, J. H. (2015). Insurability of cyber risk: An empirical analysis. The Geneva Papers on Risk and Insurance - Issues and Practice, 40(1), 131-158.
• Borg, R. (2016). The impact of cybercrime on businesses: A novel conceptual framework. Journal of Intellectual Capital, 17(2), 286-305.
• Brotby, K. (2009). Information security management metrics: A definitive guide to effective security monitoring and measurement. CRC Press.
• Burns, L. D. (2018). Managing cybersecurity risk: Cases studies and solutions. Routledge.
• Burrell, N. N. (2021). Cybersecurity leadership from a talent management organizational development lens. (Unpublished Exegesis). Capitol Technology University, Maryland, USA.
• Clark, A., & Turner, D. (2017). Leadership in cybersecurity: A study of best practices. Journal of Cyber Policy, 2(3), 345-362.
• Cleveland, S., & Cleveland, M. (2018). Towards cybersecurity leadership framework. Proc. MWAIS, 49.
• Dawson, J., & Thompson, R. (2018). The future cybersecurity workforce: Going beyond technical skills for successful cyber performance. Front. Psychol., 9, 744.
• Furnell, S., & Clarke, N. (2012). Power to the people? The evolving recognition of human aspects of security. Computers & Security, 31(8), 983-988.
• Herath, T., & Rao, H. R. (2009). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
• Huang, K., & Pearlson, K.E. (2019). For what technology can’t fix: building a model of organizational cybersecurity culture. Hawaii International Conference on System Sciences.
• Johnson, N., & Adams, R. (2019). Technical expertise and its role in cybersecurity leadership. Information Security Journal, 28(4), 185-199.
• Kankanhalli, A., Teo, H. H., Tan, B. C., & Wei, K. K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23(2), 139-154.
• Kappelman, L., McLean, E., Johnson, V., & Gerhart, N. (2016). The 2015 SIM IT issues and trends study. MIS Quarterly Executive, 15(1), 55-83.
• Khan, N., Houghton, J.R., Sharples, S. (2021). Understanding factors that influence unintentional insider threat: A framework to counteract unintentional risks. Cogn. Technol. Work, 1–29.
• Klimoski, R. (2016). Critical success factors for cyber security leaders: Not just technical competence. People Strategy, 39, 14–18.
• Klimoski, R. (2016). The role of professional associations in shaping a new field of practice: The case of cyber-security. Journal of Organizational Psychology, 16(1), 30-39.
• Kuusisto, R., & Kuusisto, T. (2013). Strategic communication for cyber-security leadership. Journal of Information Warfare, 12(3), 41–48. https://www.jstor.org/stable/26486840
• Martin, G., Martin, P., Hankin, C., Shamaila, R., & Rice, A. (2018). Exploring the cybersecurity landscape of risk management. Computers & Security, 77, 658-672.
• Matveev, A.V., & Nelson, P.E. (2004). Cross cultural communication competence and multicultural team performance. International Journal of Cross Cultural Management, 4, 2, 253-270.
• Morgan, R. (2017). The importance of leadership in cybersecurity. Forbes. Retrieved July 10, 2023, from https://www.forbes.com/sites/forbestechcouncil/2017/10/19/the-importance-of-leadership-in-cybersecurity
• National Institute of Standards and Technology. (2018). Framework for improving critical infrastructure cybersecurity. Retrieved June 15, 2023, from https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
• Nobles, C. (2018). Botching human factors in cybersecurity in business organizations. Holistica–Journal of Business and Public Administration, 9(3), 71-88.
• Pollini, A., Callari, T.C., Tedeschi, A., Ruscio, D., Save, L., Chiarugi, F., Guerri, D. (2021). Leveraging human factors in cybersecurity: An integrated methodological approach. Cogn. Technol. Work, 24, 371–390.
• Puhakainen, P., & Siponen, M. (2010). Improving employees’ compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757-778.
• PwC. (2018). Digital trust insights: Building digital trust to secure future growth. Retrieved from https://www.pwc.com/gx/en/issues/cyber-security/digital-trust-insights.html
• Roberts, H., & Thomas, J. (2021). Continuous learning in cybersecurity: The importance of staying current. International Journal of Cybersecurity Intelligence and Cybercrime, 4(1), 48-63.
• Rotherberger, K.E. (2016). A quantitative study of perceptions about leadership competencies of IT project managers. Ph.D. Thesis, Cappella University, Minneapolis, MN, USA.
• Ruighaver, A. B., Maynard, S. B., & Chang, S. (2007). Organisational security culture: Extending the end-user perspective. Computers & Security, 26(1), 56-62.
• Shackelford, S. J., Proia, A., Martell, D., & Craig, J. (2015). Toward a global standard of cybersecurity care? Exploring the implications of the 2014 NIST cybersecurity framework on shaping reasonable national and international cybersecurity practices. Texas International Law Journal, 50, 305.
• Smith, R., Petrides, L., & Brinkley, D. (2020). Developing cybersecurity leadership skills: A framework for success. Journal of Strategic Security, 13(2), 1-18.3.2. Critical Roles of Cybersecurity Leadership in Businesses
• Stevens, G. W. (2012). A Cybersecurity survey of US government and defense contractor personnel. Computers & Security, 31(5), 718-733.
• Triplett, W.J. (2021). Establishing a cybersecurity culture organization. Acta Scientific Computer Sciences, 3, 8, 44-49.
• Triplett, W.J. (2022). Addressing human factors in cybersecurity leadership. Journal of Cybersecurity and Privacy, 2, 573–586. https://doi.org/10.3390/jcp2030029
• Uchendu, B., Nurse, J.R., Bada, M., Furnell, S. (2021). Developing a cyber security culture: current practices and future needs., Computer Security, 9, 109.
• Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
• Westerman, G., Calméjane, C., Bonnet, D., Ferraris, P., & McAfee, A. (2014). The digital advantage: How digital leaders outperform their peers in every industry. MIT Sloan Management Review, 55(1), 1-22.