Digital Security Governance: What Can We Learn from High Reliability Organizations (HROs)?

Abstract

With the growing digitalization of businesses, digital security governance (DSG) is becoming central to organizational survival strategies. However, many organizations fail to establish successful DSG practices and, consequently, fail to understand how DSG can lower the severity of cybersecurity failures. This paper aims to contribute to filling this gap. By putting the five principles of the High Reliability Organization (HRO) central to the design of our qualitative investigation, we engage in interviewing forty-two chief information security officers (CISOs) and chief information officers (CIOs) of large organizations in the Netherlands about their views on why organizations fail to successfully achieve DSG. Our data show that HRO principles are partly relevant but lacking in DSG approaches, which potentially increases security failure. We conclude this paper by discussing these findings in light of future research and practice.