Governing security in a digital world is not a “ one size fits all” solution: A multiple case study about security governance modes and their effectiveness

Abstract

Governing digital security is crucial for anticipating the ever-increasing impact of cyberattacks. However, persistent failures and breaches indicate that both research and practice do not provide sufficient guidance on how digital security governance (DSG) can become effective. There is a strong focus on finding the “silver bullet” or applying a “one size fits all” approach in DSG models. The central finding of this paper indicates that organizations can operate different DSG modes. We discuss four DSG modes and their benefits and drawbacks based on case study data, interviewing 33 stakeholders across 5 unique cases (large organizations). With our findings, organizations can reflect on their current DSG approaches and render them more effective.