Author Identifier (ORCID)

Helge Janicke: https://orcid.org/0000-0002-1345-2829

Abstract

Cybersecurity governance is increasingly critical in a digital economy, with board directors playing a central role in shaping organisational resilience. Directors are pivotal in setting cybersecurity strategies and carrying fiduciary obligations that extend to digital risk oversight. This study examines the cybersecurity literacy and governance practices of Australian board directors through a qualitative interview study with 13 participants. Findings reveal a substantial gap in directors' knowledge and confidence, undermining effective oversight and informed decision-making. This deficit limits their ability to interrogate risk reports, challenge assumptions, and steer investment in line with organisational resilience goals. In response, we propose a Board Cyber Governance Model that integrates targeted education, strategic interventions, and structured board-CISO engagement to improve governance capability. By situating cyber governance at the intersection of executive decision-making, risk perception, and digital security, this work contributes to human-computer interaction by highlighting socio-organisational challenges and offering actionable insights for stronger board-level engagement.

Keywords

board of directors, cyber literacy, cybersecurity governance, decision-making, organisational resilience, risk management

Document Type

Conference Proceeding

Date of Publication

4-13-2026

Publication Title

CHI '26: Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems

Publisher

Association for Computing Machinery

School

ECU Security Research Institute

Funding Information

The work has been supported by the Cyber Security Research Centre Limited whose activities are partially funded by the Australian Government’s Cooperative Research Centres Program.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Comments

Aamir, T., Psaroulis, G., Grobler, M., & Janicke, H. (2026). From oversight to insight: Transforming cybersecurity governance in boardrooms. In Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems (pp. 1–22). Association for Computing Machinery. https://doi.org/10.1145/3772318.3791142

Link to publisher version (DOI)

10.1145/3772318.3791142