EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Weathering the storm: examining how organisations navigate the sea of cybersecurity regulations

Jeffrey G. Proudfoot, W. Alec Cram and Stuart Madnick

European Journal of Information Systems, 2025, vol. 34, issue 3, 436-459

Abstract: Governments around the world routinely regulate the activities of private enterprises to guide the behaviour of individuals and organisations towards acceptable norms. This holds true in a cybersecurity context. However, practitioners report that cybersecurity regulations are often out of date and compliance is confusing, expensive, and time consuming. As a result, organisational leaders are often uncertain about the practicalities of adopting and implementing the various rules, which can lead to trickle-down effects on the robustness of lower-level cybersecurity controls and compliance activities. In this research, we aim to clarify how cybersecurity regulations are operationalised in organisations, as well as reveal the compliance and performance consequences of cybersecurity regulations. To do so, we interviewed 22 senior leaders with expertise in cybersecurity regulations. Our analysis reveals 7 distinct themes (i.e., concept groupings) that are ordered within four phases (i.e., temporal stages), which we use to create the Institutional Cybersecurity Regulations Model (ICRM). The results provide a holistic view of the cybersecurity regulations process in organisations that can serve to clarify current theory relationships and inform future research. As well, the ICRM can provide a practical roadmap for managers to navigate regulatory cybersecurity challenges in their own companies.

Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
http://hdl.handle.net/10.1080/0960085X.2024.2345867 (text/html)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:taf:tjisxx:v:34:y:2025:i:3:p:436-459

Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/tjis20

DOI: 10.1080/0960085X.2024.2345867

Access Statistics for this article

European Journal of Information Systems is currently edited by Par Agerfalk

More articles in European Journal of Information Systems from Taylor & Francis Journals
Bibliographic data for series maintained by Chris Longhurst ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-06-03
Handle: RePEc:taf:tjisxx:v:34:y:2025:i:3:p:436-459