Cybersecurity Strategic Commitment

Informing Cybersecurity Strategy Through Institutional Pressures

Cybersecurity
April 26, 20252 min read

When I first started this study, I had a simple question in mind: "Why do some organizations commit more seriously to cybersecurity than others?" It's easy to assume it's just about budgets or threats. But from what I was seeing in the real world, I knew there was something deeper going on, something about leadership mindset and external pressures.

So, I decided to dig into it.

 Study Overview

  • Title: Informing Cybersecurity Strategic Commitment Through Top Management Perceptions: The Role of Institutional Pressures

  • Authors: Ogbanufe, O., Kim, D. J., & Jones, M.

  • Study Sample: Senior executives and IT leaders from multiple industries

  • Research Objective: To explore how institutional pressures—things like regulations, industry standards, and peer practices—shape top management's commitment to cybersecurity.

  • Link to publication: https://www.sciencedirect.com/science/article/abs/pii/S0378720621000811

What We Found

  •  Leaders Respond to Pressure: Institutional pressures (like compliance regulations, industry expectations, and public scrutiny) significantly influence how seriously leaders commit to cybersecurity.

  • Perception Matters: It's not just the actual rules—it's leaders' perceptions of these pressures that drive commitment.

  • Different Pressures, Different Outcomes: Coercive pressures (e.g., regulatory mandates) tend to create compliance-focused cybersecurity strategies, while normative pressures (e.g., industry best practices) inspire more proactive, integrated approaches.

Why This Matters for Governance and Risk Management

If you're building a cybersecurity governance framework, you can't just hand top executives a checklist of regulations. You have to shape how they perceive cybersecurity risks and institutional expectations.

Cybersecurity governance becomes stronger when leadership feels:

  1.          Accountable to external stakeholders.

  2.          Inspired by industry norms.

  3.          Motivated by more than just fear of penalties.

Understanding this psychology of commitment is a game-changer when designing cybersecurity programs that truly have top-down support.

 

What We Recommend for Organizations

  • Contextualize Compliance: Don't just say "it's required." Show how compliance aligns with business resilience and brand reputation.

  • Promote Industry Best Practices: Frame cybersecurity initiatives around being a leader in your industry, not just a follower of regulations.

  • Engage Executives Personally: Tailor cybersecurity messaging to the specific concerns, values, and strategic goals of your leadership team.

  • Measure Leadership Perception: Regularly assess how leadership views cybersecurity pressures and address gaps proactively.

Final Thought

At the end of the day, cybersecurity is as much about people, especially leadership, as it is about technology. When leaders internalize the right pressures and see cybersecurity as integral to success, organizations don't just comply—they lead. And that's the level of resilience and foresight we need today.

 

About the Author

Dr. Obi Ogbanufe is a researcher and consultant specializing in cybersecurity risk management, AI governance, and ethical technology practices. She partners with organizations to build leadership-driven governance strategies that anticipate, adapt, and outpace evolving digital threats.

cybersecurityrisk managementcyberinsurance
Back to Blog