CYBERSECURITY GOVERNANCE IN PUBLIC INSTITUTIONS: MANAGING DIGITAL RISKS AND RESILIENCE
Abstract
This study explores the evolving landscape of cybersecurity governance in public institutions through a comprehensive literature review, emphasizing the management of digital risks and the cultivation of organizational resilience. As public sectors increasingly rely on digital infrastructure, vulnerabilities to cyber threats have grown, necessitating a governance framework that integrates technology, policy, and human factors. The review synthesizes scholarly works published between 2018 and 2025 to identify dominant themes, frameworks, and challenges in public sector cybersecurity. Findings reveal that effective governance requires multidimensional coordination among institutional leadership, regulatory bodies, and information technology systems. Resilience emerges not only from technical preparedness but also from adaptive institutional cultures and proactive policy implementation. The study highlights the critical need for continuous capacity building and strategic policy reform to address emerging digital risks. It further underscores the importance of integrating cybersecurity governance within broader digital transformation agendas. The paper contributes to the theoretical understanding of cybersecurity governance as a vital mechanism for safeguarding public trust and ensuring the sustainability of digital governance systems.
References
Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45–69. https://doi.org/10.1016/j.cose.2014.11.006
Aldawood, H., & Skinner, G. (2019). Reviewing cybersecurity awareness in higher education: A case for cybersecurity governance framework. Procedia Computer Science, 159, 712–718. https://doi.org/10.1016/j.procs.2019.09.224
Aldawood, H., & Skinner, G. (2019). Reviewing cybersecurity awareness in higher education: A case for cybersecurity governance framework. Procedia Computer Science, 159, 712–718. https://doi.org/10.1016/j.procs.2019.09.224
AlHogail, A. (2015). Design and validation of information security culture framework. Computers in Human Behavior, 49, 567–575. https://doi.org/10.1016/j.chb.2015.03.054
Alotaibi, R., Furnell, S., & Clarke, N. (2022). A framework for cybersecurity governance in the public sector: Lessons from developing nations. Computers & Security, 116, 102628. https://doi.org/10.1016/j.cose.2022.102628
Alshahrani, A., Alkhathlan, K., & Almarshad, S. (2023). Digital transformation and cybersecurity challenges in public administration: A systematic review. Journal of Information Security and Applications, 73, 103507. https://doi.org/10.1016/j.jisa.2023.103507
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/j.cose.2020.102003
Bhardwaj, A., Purohit, H., & Alsaeedi, F. (2022). Impact of COVID-19 on digital transformation and cybersecurity preparedness in the public sector. Computers & Security, 120, 102806. https://doi.org/10.1016/j.cose.2022.102806
Cheung, A., & Li, X. (2023). Strategic management of cybersecurity capabilities in public organizations: A resource-based view. Government Information Quarterly, 40(3), 101752. https://doi.org/10.1016/j.giq.2023.101752
Chotia, V., Khoualdi, K., Broccardo, L., & Yaqub, M. Z. (2025). The role of cyber security and digital transformation in gaining competitive advantage through Strategic Management Accounting. Technology in Society, 81, 102851.
Dawes, S. S. (2023). Digital era governance: Building trust and resilience through cybersecurity policy integration. Government Information Quarterly, 40(4), 101767. https://doi.org/10.1016/j.giq.2023.101767
Dwivedi, R. (2023). Ten years of cybersecurity governance, risk and compliance: A bibliometric examination of research themes, trends, and influencers. Issues in Information Systems, 24(3), 43–57. https://doi.org/10.48009/3_iis_2023_105
Figueroa, V., Sánchez Crespo, L. E., Santos-Olmo, A., Rosado, D. G., & Fernández-Medina, E. (2025). Building a holistic cybersecurity framework for e-Government based on a systematic analysis of proposals. International Journal of Information Security, 24(3), 1-19. https://doi.org/10.1007/s10207-025-01024-0
Gale, M., Bongiovanni, I., & Slapnicar, S. (2022). Governing cybersecurity from the boardroom: Challenges, drivers, and ways ahead. Computers & Security, 121, 102840. https://doi.org/10.1016/j.cose.2022.102840
Horák, P., & Špaček, D. (2025). Organizational resilience of public sector organizations responding to the COVID-19 pandemic in Czechia and key influencing factors: use of the Nograšek and Vintar model. International Journal of Public Administration, 48(8), 485-501. https://doi.org/10.1080/01900692.2024.2371421
Kankanhalli, A., Charalabidis, Y., & Mellouli, S. (2021). Digital governance transformation: A framework for alignment and integration. Government Information Quarterly, 38(4), 101612. https://doi.org/10.1016/j.giq.2021.101612
Kiel, D., Arnold, C., & Voigt, K. I. (2022). Resilience in the digital era: How public organizations can strengthen their digital infrastructures. Government Information Quarterly, 39(4), 101758. https://doi.org/10.1016/j.giq.2022.101758
Kostyuk, N., Wojcik, S., & Skoczylis, J. (2021). Resilience by design: Building adaptive capacity in digital governance systems. Public Administration Review, 81(6), 1079–1092. https://doi.org/10.1111/puar.13389
Linkov, I., & Trump, B. D. (2019). The science and practice of resilience. Springer.
Magnusson, L., Iqbal, S., Elm, P., & Dalipi, F. (2025). Information security governance in the public sector: investigations, approaches, measures, and trends. International Journal of Information Security, 24(4), 177. https://doi.org/10.1007/s10207-025-01097-x
Mijwil, M., Filali, Y., Aljanabi, M., Bounabi, M., & Al-Shahwani, H. (2023). The purpose of cybersecurity governance in the digital transformation of public services and protecting the digital environment. Mesopotamian journal of cybersecurity, 2023, 1-6. https://doi.org/10.58496/MJCS/2023/001
Modi, A., Kuzminykh, I., & Ghita, B. (2023). Data Driven Approaches to Cybersecurity Governance for Board Decision-Making--A Systematic Review. arXiv preprint arXiv:2311.17578. https://arxiv.org/abs/2311.17578
National Institute of Standards and Technology. (2018). Risk Management Framework for Information Systems and Organizations (SP 800-37 Rev. 2). https://doi.org/10.6028/NIST.SP.800-37r2
National Institute of Standards and Technology. (2024). NIST Cybersecurity Framework (CSF) 2.0. Retrieved from: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
Nfuka, E. N., & Rusu, L. (2019). The effect of IT governance maturity on public sector performance in developing countries: Case of Tanzania. Government Information Quarterly, 36(1), 1–15. https://doi.org/10.1016/j.giq.2018.10.001
Nguyen, D., & Kim, S. (2023). Cybersecurity governance alignment in the digital public sector: Evidence from comparative government models. Information & Management, 60(8), 103832. https://doi.org/10.1016/j.im.2023.103832
Paigude, S. D., Pangarkar, S. C., & Dari, S. S. (2024). A review of cybersecurity policies in the public sector: Challenges and solutions. Computer Fraud & Security, 2024(3), 5–12. https://doi.org/10.52710/cfs.28
Saeed, S., Altamimi, S. A., Alkayyal, N. A., Alshehri, E., & Alabbad, D. A. (2023). Digital transformation and cybersecurity challenges for business resilience: Issues and recommendations. Sensors, 23(15), 6666. https://doi.org/10.3390/s23156666
Savaş, S., & Tekin, S. (2022). Cyber governance studies in ensuring cybersecurity. Journal of Information Security and Cybercrimes Research, 5(1), 1–9. https://pubmed.ncbi.nlm.nih.gov/37521508/
Shen, Y., Cheng, Y., & Yu, J. (2023). From recovery resilience to transformative resilience: How digital platforms reshape public service provision during and post COVID-19. Public Management Review, 25(4), 710-733.
1.png)
