Cyber security Governance as a Pillar of Enterprise Risk Management: Designing a Compliance-Driven Framework for Operational Resilience, Policy Enforcement, and Regulatory Alignment
DOI: https://doi.org/10.63075/0jv35d33
Keywords: Cybersecurity governance, enterprise risk management, compliance, operational resilience, policy enforcement, regulatory alignment, risk maturity
Abstract
As cyber threats increase and regulations become more stringent, cybersecurity has become a fundamental component of enterprise risk management (ERM), making it imperative to move from peripheral, reactive approaches to integrated, compliance-based models. This research examines the complex incorporation of cybersecurity governance into ERM systems, including its operational use in strengthening established protection measures, implementing policies, and complying with international standards. The study participants consisted of 146 cybersecurity and risk management practitioners who responded to an online survey. The results show that organizations with well-developed governance programs, or with dedicated resources such as a CISO, risk reporting, and automation technologies in their organizational structure, respond better during cyber incidents, have faster response times, and achieve higher levels of compliance with regulations. On the other hand, weak board-level supervisory control, low adoption of sophisticated automated tools, and inconsistently enforced compliance policies in hybrid work environments remain areas of concern. This research fills a gap in the current literature by proposing a compliance-based approach to organizing and managing cyber risk in the context of broader enterprise goals. The findings call for greater attention to cybersecurity governance, not merely as a control but as a valuable resource for organizational sustainability and as a basis for risk-informed decisions.