Copyright © 2024, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Chapter 10
DOI: 10.4018/979-8-3693-1970-3.ch010
ABSTRACT
It is necessary to reassess the allocation of resources, questioning traditional notions of return on
investment (ROI) and focusing, in particular, on the critical area of cybersecurity. Anticipated damages
from cybercrime are increasing 15% per year globally, totaling an estimated $10.5 trillion by 2025.
In addition to the financial benefits, the ROI for these cybersecurity efforts may be measured in terms
of retaining user confidence and guaranteeing the seamless running of online learning platforms. In
the age of remote learning, the goal is to enhance educational effectiveness while wisely controlling
expenses, given the increasing importance of cybersecurity in online commerce. Although past data
guides initiatives, it is crucial to continuously examine new data to improve strategy, particularly in the
ever-changing field of cybersecurity. This understanding through qualitative inquiry gives practitioners
the knowledge to understand the component parts required for the ROI calculation in the cybersecurity
investment environment.
Cyber Leadership Excellence:
Bridging Knowledge Gaps,
Maximizing Returns
Sharon L. Burton
https://orcid.org/0000-0003-1653-9783
Capitol Technology University, USA
Darrell Norman Burrell
https://orcid.org/0000-0002-4675-9544
Marymount University, USA
Calvin Nobles
Illinois Institute of Technology, USA
Laura Ann Jones
https://orcid.org/0000-0002-0299-370X
Capitol Technology University, USA
Yoshino W. White
Florida State University, USA
Dustin I. Bessette
https://orcid.org/0000-0002-5482-6241
Mt. Hood Community College, USA
Amalisha Aridi
Capitol Technology University, USA
INTRODUCTION
The primary aim of this chapter is to equip practitioners and academicians with a comprehensive
understanding of ROI strategies and techniques that are readily applicable to distance education programs
while also taking into account the critical aspect of cybersecurity. The text recognizes the evolving
landscape in which online learning, business objectives, and cybersecurity converge, emphasizing the
need for informed and strategic decision-making. To embark on this journey, a foundational principle
from Stephen Covey, “The key is not to prioritize what’s on your schedule, but to schedule your priorities”
(Kruse, 2012), serves as a reference point. In the context of training effectiveness, it entails ensuring that
all program objectives are crystal clear, acknowledged, and comprehended before the commencement of
education and training initiatives. Furthermore, these objectives must be aligned and validated against
the overarching business goals.
According to Tan and Olaore (2021), identifying and addressing the obstacles to learning effectiveness
within the business unit becomes imperative, as does a comprehensive roadmap to eliminate hindrances that
impede progress. Amidst the myriad of learning effectiveness models, philosophies, and resources
available in various forms, including books, audio, video communication, and journal articles, cybersecurity
leaders grapple with the challenge of deciphering how to gauge learning effectiveness effectively. The
text acknowledges that learning effectiveness, coupled with cost reduction, continues to be a driving force
behind adopting distance education programs. In this context, organizations seek immediate answers to
questions such as the quantification of cost-savings, cost-benefits, and cost efficiencies associated with
e-learning, as well as strategies to achieve these gains without exceeding tight budgets.
Simultaneously, academics are confronted with delivering this critical information to practitioners
without the encumbrance of academic jargon and abstract theories. The focus is on practical applicability,
requiring institutions of higher learning to present this valuable information in a format that facilitates
immediate implementation. Within this swiftly evolving and highly technical landscape, cybersecurity
learners seek knowledge, skills, abilities, and competencies that align with the current evolving concerns
(Burrell et al., 2018, 2021). The contemporary information and digital age is intertwined with networked
infrastructures within workplaces, where online learning is reshaping conventional ROI paradigms,
necessitating meticulously planned programs and investments (Dawson et al., 2021).
While historical data offers insights for reevaluating strategies, it is essential to continuously review
emerging information for ongoing process improvements and the substantiation of education and
training initiatives to include human factors (Nobles, 2019). This process of acquiring new information is
anchored in the principles of continuous learning (Burton, 2022). The details of this chapter delve into
three critical domains: (1) aligning education training initiatives with organizational objectives within
enterprises, encompassing cybersecurity readiness, (2) systematically tracking and evaluating business
outcomes, and (3) elucidating the value of defining terminology for education and training professionals.
Learners need to grasp the rationale behind attaching business values to organizational learning
capabilities, and alignment on terminology usage among all stakeholders is a prerequisite.
In an era where digital transformation permeates every aspect of education and business,
cybersecurity considerations are a pivotal factor in shaping the strategies and outcomes of distance education
programs. The symbiotic relationship between online learning, business objectives, and cybersecurity
is central to our discourse as we navigate the evolving contours of this dynamic landscape.
BACKGROUND
In the rapidly evolving digital landscape, cybersecurity has become a paramount concern for
organizations across industries (Morris, 2019; Murphey, 2020; Nobles, 2019). As the world becomes increasingly
interconnected through technology, the potential risks and vulnerabilities associated with cyberspace
have grown exponentially. Recent studies and surveys reveal that cybersecurity leaders and professionals
grapple with a pressing challenge: the widening knowledge gap in this critical field (Boyd et al., 2020;
Muller, 2021; Murrey, 2018).
The current state of cybersecurity knowledge is that 72% of cybersecurity leaders and professionals
acknowledge that the complexity and diversity of cyber threats are on the rise (Graham, 2023). This
multifaceted threat landscape includes not only traditional cyberattacks but also sophisticated and evolving
tactics such as ransomware, zero-day exploits, and social engineering. However, despite the escalating
threats, a concerning 58% of these leaders report that their organizations need help to keep pace with the
rapidly changing cybersecurity landscape. The persistent shortage of skilled cybersecurity professionals
further compounds this challenge, with an alarming 62% of organizations citing difficulty hiring and
retaining qualified experts (ISACA, 2022).
There is a crucial role for education and training. In light of the staggering statistics, it becomes
evident that effective education and training programs are pivotal in bridging the cybersecurity
knowledge gap. A substantial 85% of cybersecurity leaders believe that continuous learning and professional
development are essential for staying ahead of evolving threats (Pressley, 2023). Leaders in cybersecurity
are increasingly recognizing the significance of investing in educational initiatives. A promising 68%
of organizations have begun to allocate more resources to cybersecurity training and education in the
past year. This proactive approach aims to equip their teams with the knowledge and skills necessary
to confront the ever-evolving threat landscape effectively. There is a need to address the challenge of
adequate education and training.
Despite the growing recognition of the importance of education and training, there are considerable
challenges to delivering effective cybersecurity learning programs. A notable 45% of organizations need
more standardized cybersecurity training curricula. The absence of clear benchmarks and guidelines
makes it challenging to ensure learners acquire the requisite knowledge and skills. Furthermore, 52% of
cybersecurity leaders express concerns about the accessibility and availability of quality training
materials (Fortinet, 2022). In a field where the currency of knowledge is paramount, the need for up-to-date
resources can hinder the efficacy of educational initiatives.
In this context, this chapter explores the path forward, the critical intersection of cybersecurity,
education, and training. The text delves into strategies and techniques that can empower cybersecurity
leaders and professionals to address the knowledge gap effectively. The objective is clear: to equip
leaders with the insights and tools necessary to navigate the dynamic cybersecurity landscape, protect their
organizations, and mitigate emerging threats. By understanding the current challenges and opportunities
in cybersecurity education and training, leaders can position themselves to lead their teams and
organizations toward a more secure digital future. This chapter serves as a valuable resource for those dedicated
to mastering the art and science of cybersecurity in an ever-changing world.
LIMITATIONS AND DELIMITATIONS
This document is a comprehensive exploration of return on investment (ROI) within cybersecurity,
focusing primarily on risk assessment and mitigation. It also delves into cost savings, cost benefits, and
cost efficiencies associated with e-learning initiatives. The objective is to bridge the gap between
business goals and outcomes assessment, providing training professionals with the terminology and insights
needed to gauge the cybersecurity implications, risks, and financial aspects of e-learning.
Cybersecurity stands as a paramount concern in the modern digital landscape. As businesses
increasingly embrace e-learning solutions, they must know the associated cybersecurity risks. This document
sheds light on the critical intersection between cybersecurity and ROI, elucidating how investments in
e-learning impact an organization’s overall risk profile. Moreover, it examines the cost-saving potential
of e-learning implementations, outlining the financial benefits of these initiatives. Cost efficiencies are
explored in detail, offering a thorough understanding of how e-learning can optimize resource allocation
and operational expenditures.
FRAMEWORKS/THEORIES
This chapter provides a comprehensive exploration of the intricate relationship between online learning,
organizational goals, and the critical realm of cybersecurity in today’s digital landscape. It emphasizes
the need for a reevaluation of resource allocation and a fresh perspective on Return on Investment (ROI)
within the context of online learning, with cybersecurity taking center stage. Three theoretical
frameworks, Technology Adoption Theory, Cybersecurity Risk Management, and Resource Allocation, underpin
the content of this text.
The Technology Adoption Theory/Framework, often associated with Everett Rogers’ Diffusion
of Innovations theory, posits that the adoption and assimilation of technology into an organization
follow a specific trajectory (Granić, 2020). In the context of this text, it illustrates how organizations
adopt online learning platforms as a technological innovation. The framework outlines the stages of
awareness, interest, evaluation, trial, and adoption, highlighting the importance of aligning technology
adoption with organizational objectives and cybersecurity imperatives (Granić, 2020). It also emphasizes
that the success of online learning initiatives depends on how well they are integrated into the existing
technological ecosystem.
While the Technology Adoption theory is valuable for understanding the stages of technology
adoption, it may oversimplify the complex interplay of factors involved in integrating online learning
platforms into an organization (Saghafian et al., 2021). It emphasizes the diffusion process but may
need to adequately address the intricacies of aligning technology adoption with diverse organizational
objectives and the dynamic cybersecurity landscape (Shibly et al., 2022). Additionally, it might need to
account for the unique challenges and resistance emerging when introducing technology in educational
settings, where pedagogical considerations play a significant role.
The Cybersecurity Risk Management Framework revolves around the idea that effective
cybersecurity risk management is essential for organizational resilience in the digital age (Lee, 2021). It draws
from established frameworks like the NIST Cybersecurity Framework or ISO 27001. In this context,
the framework outlines the identification, protection, detection, response, and recovery phases of
cybersecurity risk management (Roy, 2020). Per Lee, it emphasizes that investments in cybersecurity are
not just about financial returns but also about safeguarding the organization’s reputation, data, and the
trust of its stakeholders, including learners. The framework illustrates how cybersecurity is a strategic
imperative in online learning, intertwining risk mitigation with educational goals (Lee, 2021).
The Cybersecurity Risk Management framework, though robust, can be critiqued for potential rigidity
(Cremer et al., 2022). It relies heavily on predefined risk management phases, which may only sometimes
align perfectly with the rapidly evolving nature of cyber threats. Critics argue that these frameworks may
become outdated quickly and need to account for emerging risks (Lee, 2021). Furthermore, they might not
address the specific nuances of the online learning environment, which can have unique vulnerabilities
and compliance requirements. As such, adaptability and continuous monitoring are essential to mitigate
potential shortcomings (Cremer et al., 2022).
The Resource Allocation Theory/Framework examines how organizations distribute resources to
achieve their objectives efficiently. In online learning and cybersecurity, this framework underscores
the need to strategically allocate resources to optimize pedagogical effectiveness while safeguarding
against cyber threats (Marseille & Kahn, 2019). It emphasizes aligning financial investments with
organizational goals and cybersecurity requirements. This framework guides decision-makers in making
informed choices about where to allocate resources to maximize the ROI of online learning initiatives
while maintaining a robust cybersecurity posture (Marseille & Kahn, 2019).
The Resource Allocation theory has static assumptions in a dynamic environment. Resource
Allocation theory makes assumptions about resource needs and allocation based on relatively stable
conditions. However, in the context of online learning and cybersecurity, the environment is highly dynamic
(Marseille & Kahn, 2019). New technologies, cyber threats, and pedagogical trends continuously evolve
(Burrell et al., 2020; Dawson & Szakonyi, 2020). Therefore, relying solely on static resource allocation
models can lead to misalignment between investments and actual needs. This rigidity may hinder an
organization’s ability to respond effectively to emerging challenges and opportunities, especially in the
fast-paced world of online education (Kleinmuntz, 2007). To address this critique, organizations must
adopt more flexible and adaptive resource allocation strategies that accommodate changing circumstances.
These theoretical frameworks provide a holistic perspective on the challenges and opportunities of
integrating online learning into organizational strategies (University of Southern California, 2023).
They underline the pivotal role of cybersecurity in this landscape, ensuring that investments yield not
only financial benefits but also support the secure and efficient operation of online learning platforms.
Furthermore, these frameworks support a change acknowledging the imperative of ongoing evaluation
and adaptation (Milella et al., 2021) to navigate the ever-evolving intersection of online learning,
organizational objectives, and cybersecurity effectively, ensuring organizations remain resilient and responsive
in this dynamic digital milieu.
THE FOCUS OF THE CHAPTER
This chapter serves as an academic exploration and comprehensive examination of the intricate interplay
between educational initiatives, online learning, strategy and organizational objectives, sustainability,
ROI, and the critical domain of cybersecurity within the contemporary digital milieu. See Figure 1 to
connect these points. At its core, this chapter delves into the imperative for discerning investments and
achieving strategic alignment within a landscape where online learning engenders a profound
transformation of long-established educational paradigms, thereby empowering cybersecurity leaders and
professionals to address knowledge gaps effectively. Here are three specific examples of how this chapter
addresses this imperative.
The first is the alignment of education and training initiatives with organizational objectives. The
online learning landscape challenges conventional norms related to return on investment (ROI) since it
demands a heightened focus on deliberate program planning and increased investments, especially in
alignment with online initiatives (Fetaji & Fetaji, 2009). The apparent need to align educational
initiatives and an organization’s overarching goals recognizes that online learning is becoming increasingly
integral to educational and business strategies (Carnegie Mellon University, 2023). As given by Cloud
Security Alliance (2023), traditional compliance-focused training methods prove ineffective in fostering
a cybersecurity culture and long-term behavioral change, highlighting the importance of aligning
training content and methods with adult workers’ values and objectives to incentivize the desired behaviors.
It is crucial to ensure that learning objectives and strategies align with broader business objectives. The
connection between this alignment and achieving high levels of strategic performance and
competitiveness is highlighted by Ghonim et al. in their 2020 study, emphasizing the role of strategic planning in the
process. For example, suppose a company’s main objective is to enhance its cybersecurity posture and
protect sensitive data. In that case, the chapter suggests that the education and training programs should
equip employees with the skills and knowledge necessary to address cybersecurity threats effectively.
As emphasized by Care et al. (2019), education systems must provide learners with essential
competencies like problem-solving, collaboration, critical thinking, and communication. This alignment matters
(Carnegie Mellon University, 2023) because it ensures that educational investments are strategically
directed toward achieving the organization’s cybersecurity goals.
The second is sustainability. In their study, Feeney et al. (2022) propose that addressing
sustainability challenges effectively necessitates a broader perspective, extending beyond the confines of
individual organizations and fostering greater engagement with stakeholders. Their research advances
a shared comprehension of the intricate nature of achieving sustainability, spanning various fields
of study. Consequently, this positions researchers and scholars in education to actively participate in
transdisciplinary research endeavors to promote sustainability. Their work significantly enhances our
insights into the practical aspects of organizing for sustainability. Within a transdisciplinary framework,
which transcends cultural boundaries and disciplinary constraints, this approach is characterized by
its presumptive nature, learner-centric focus, and constructivist principles. It empowers researchers to
generate relevant evidence crucial for informed decision-making in sustainability (Shakya et al., 2019).
Furthermore, Burton (2021) introduced a transdisciplinary framework incorporating four distinct
methodologies: cybersecurity leadership, digitization technology, andragogy, and training in the
cybersecurity landscape. Burton’s approach involves amalgamating these methodologies to create a hybrid
model that encompasses the strengths of its parent methodologies. This innovative framework offers a
robust and adaptable approach to addressing complex challenges.
In summary, Feeney et al.’s (2022) research underscores the importance of adopting a transdisciplinary
perspective to tackle sustainability issues. At the same time, Burton’s (2021) framework exemplifies the
potential of hybrid models in navigating multifaceted challenges. These approaches collectively contribute
to a deeper understanding of how to organize and make decisions to pursue sustainability effectively.
The third is measuring ROI in cybersecurity investments. The chapter challenges conventional
conceptions of return on investment (ROI) by expanding the definition of ROI in the context of cybersecurity
investments. It asserts that ROI should not be solely measured in terms of financial savings but should
also consider the value of maintaining the smooth operation of online learning platforms and preserving
user trust (Cremer et al., 2022). For instance, if an educational institution invests in cybersecurity
measures that prevent a data breach, the financial ROI may not be immediately apparent. Still, the long-term
benefits of avoiding reputational damage, legal liabilities, and losing the trust of students and stakeholders
are substantial (Jones, 2020). Considering these broader impacts, the chapter encourages organizations
to evaluate cybersecurity investments more comprehensively and strategically.
A comprehensive reevaluation of resource allocation is necessitated, thus challenging conventional
conceptions of return on investment (ROI), with a particular emphasis on the pivotal domain of
cybersecurity. The ROI derived from cybersecurity investments is not confined solely to financial savings; it
encompasses the seamless operation of online learning platforms and the preservation of user trust. For
Chief Information Security Officers (CISOs) to make well-informed decisions and optimize the return on
investment (ROI) in cybersecurity products, they must possess the capability to continuously monitor and
analyze trends and performance metrics over an extended period (Tehlia, 2023). In an era where remote
learning has assumed the role of the lifeblood for online business enterprises, the mandate is dual-fold:
to optimize pedagogical efficacy while judiciously containing costs, with cybersecurity emerging as
the lynchpin (Dougherty, 2021). Leadership should understand how to apply ROI, as it is a critical tool for
strategic planning (Ives & Seymour, 2022). While historical data serves as a compass for strategic
endeavors, it is imperative for cybersecurity to perpetually scrutinize emerging data to improve processes
(Cloud Security Alliance, 2023; Cremer et al., 2022; Tehlia, 2023).
ROI and Cybersecurity: Closing the Knowledge Gap
ROI can play a pivotal role in closing the knowledge gap in cybersecurity by providing a structured
approach to measure the effectiveness of educational and training initiatives (Cremer et al., 2022). Closing
the gap occurs through justifying investment in cybersecurity training, assessing the impact of
cybersecurity incidents, identifying areas for improvement, demonstrating the value of continuous learning,
encouraging accountability and responsibility, and justifying future investments (Cremer et al., 2022;
Tehlia, 2023). Furthermore, ROI empowers organizations to make data-driven decisions in cybersecurity
training, allowing them to allocate resources efficiently, focus on the most effective training methods,
and ensure that every investment enhances their cybersecurity posture.
Figure 1. Strategic synergy matrix: Navigating the intersections of education, online learning, strategy
and goals, sustainability, ROI, and cybersecurity
ROI analysis helps organizations quantify the benefits derived from investments in cybersecurity
education and training programs by justifying investment in cybersecurity training (Ives & Seymour,
2022). When decision-makers see a clear financial justification for allocating resources to such programs,
they are more likely to prioritize and fund them adequately. For instance, a company may invest in a
cybersecurity training program for its employees. By calculating ROI, the organization can determine
whether the program has led to a reduction in security incidents, thereby demonstrating the value of the
training investment.
ROI analysis also allows organizations to assess the impact of cybersecurity incidents by measuring the
effect of cybersecurity training on reducing them. It likewise helps identify areas for improvement: by analyzing
the ROI of different training initiatives, organizations can identify which programs are the most
effective and which may need improvement. For instance, if ROI analysis reveals that one training program
has a significantly higher return than another, it signals that resources should be reallocated towards the
more effective program or that the less effective program may require adjustments. Furthermore, this
data-driven approach to improving training initiatives ensures that organizations can continually adapt
and refine their cybersecurity education strategies to address emerging threats effectively and allocate
resources where they will have the most significant impact on security posture.
ROI analysis also underscores the value of continuous
learning in cybersecurity (Ives & Seymour, 2022). As the threat landscape evolves, ongoing education
and training are crucial to keep knowledge and skills up-to-date (Brown-Jackson, 2023). ROI calculations
can show that investing in regular, updated training programs is more cost-effective than dealing
with the consequences of a breach resulting from outdated knowledge (Cremer et al., 2022).
Encouraging accountability and responsibility is salient (Burton et al., 2013). When organizations
calculate the ROI of cybersecurity training, it holds both learners and training providers accountable.
Employees understand the importance of applying what they have learned, knowing their actions impact
the organization’s cybersecurity posture (Burrell, 2021). Training providers are incentivized to deliver
high-quality, compelling content that generates positive ROI (Burton, 2015). This synergy between
accountability and ROI-driven training initiatives ultimately creates a more robust
defense against cyber threats, with employees actively safeguarding their organization’s digital assets
and data (Cremer et al., 2022). Positive ROI from cybersecurity training can justify further investments
in education and skill development (Ives & Seymour, 2022). ROI analysis provides a quantifiable means
to assess the effectiveness of cybersecurity education and training initiatives. By demonstrating the
financial benefits and impact on incident reduction, ROI analysis not only justifies current investments
but also informs future decisions, ultimately contributing to closing the knowledge gap in
cybersecurity and enhancing an organization’s overall security posture. Moreover, integrating ROI analysis into
cybersecurity education strategies fosters a culture of evidence-based decision-making, ensuring that
resources are directed toward initiatives that deliver tangible results and continuous improvement in
cybersecurity knowledge and preparedness.
Optimizing Resource Allocation
In an era where cybersecurity and online learning play pivotal roles, it is vital to underscore the paramount
significance of optimizing resource allocation. Resource allocation provides a comprehensive
perspective on how investments in these domains should align with pedagogical objectives and cybersecurity
imperatives because it links to value creation, tactical decision-making, connecting budgets to strategy,
and evidence-based decision-making (Burrell, 2021; Burton, 2015, 2022). For decision-makers and
budget planners, this chapter offers invaluable guidance on strategically allocating resources to achieve
educational goals while fortifying cybersecurity resilience. This importance lies in the delicate balance
between advancing educational objectives and bolstering cybersecurity defenses in a world increasingly
reliant on digital technologies. By offering a roadmap for resource allocation, decision-makers can
ensure that investments in education and cybersecurity align strategically, thereby effectively safeguarding
organizations and their learners in the contemporary digital landscape. Furthermore, within the realm
of training, the chapter delves into strategies for addressing challenges related to standardized curricula
and accessible training, considering human factors (Nobles, 2019). This holistic approach ensures that
practitioners responsible for designing and delivering cybersecurity training programs can derive insights
to make their initiatives effective and aligned with industry standards.
Academic Contribution
From an academic perspective, this chapter contributes to scholarly discussions by synthesizing and
analyzing existing literature in cybersecurity, education, and ROI analysis. It is a comprehensive resource
for researchers and academics interested in these converging domains, facilitating a deeper understanding
of the intricate interplay between education, cybersecurity, and organizational strategy. Moreover, this
scholarly contribution fosters a multidisciplinary approach to addressing the complex challenges at the
intersection of education, cybersecurity, and organizational strategy, encouraging further research and
collaboration to advance knowledge and practices in these critical domains. The significance of the last
section lies in its potential to drive interdisciplinary research, enabling scholars to explore innovative
solutions at the intersection of education, cybersecurity, and organizational strategy, ultimately
advancing the collective understanding and practice in these critical domains. This chapter goes beyond a mere
summary and provides actionable insights and strategies for practitioners and decision-makers. The
chapter addresses pressing concerns, offers practical guidance, and contributes to academic discourse,
making it an invaluable resource for anyone seeking to navigate the complex landscape where online
learning, business objectives, and cybersecurity intersect.
SOLUTIONS AND RECOMMENDATIONS
In response to the challenges and opportunities outlined in this chapter, several solutions and
recommendations can guide organizations and cybersecurity leaders in effectively addressing the knowledge
gap and optimizing cybersecurity education and training programs:
1. Standardized Curriculum Development: To address the need for standardized cybersecurity
training curricula, organizations should collaborate with industry experts and associations to develop
comprehensive and up-to-date educational materials. These materials should cover various
cybersecurity topics and align with industry standards. Additionally, establishing partnerships
with recognized cybersecurity certification bodies can help ensure that the training curricula meet
industry-recognized standards and certifications, further enhancing the credibility and effectiveness
of the educational materials.
2. Accessibility and Availability: Enhancing the accessibility and availability of quality training
materials can be achieved by leveraging digital platforms and online resources. Organizations
should invest in user-friendly learning management systems (LMS) and partner with reputable
online education providers to ensure that learners have access to relevant and up-to-date content.
Moreover, embracing a blended learning approach that combines digital resources with interactive,
instructor-led sessions can cater to diverse learning preferences and maximize the effectiveness of
cybersecurity training programs.
3. Continuous Learning Culture: Cultivating a culture of continuous learning within the organization
is essential. Encourage cybersecurity professionals to pursue certifications, attend conferences,
and engage in ongoing training programs. Organizations should allocate resources for employees’
professional development and provide incentives for achieving certifications and advancing their
skills. Additionally, fostering a culture of continuous learning enhances cybersecurity expertise
and strengthens the organization’s overall security posture, staying ahead of evolving threats.
Incentives can include recognition, promotions, or financial rewards to motivate professionals to
pursue cybersecurity excellence.
4. Simulation and Practical Training: Cybersecurity education should incorporate realistic simulations
and practical exercises that mirror real-world threats and scenarios. Hands-on training and
cyber range exercises can help learners apply their knowledge and skills in a controlled environment,
improving their ability to respond to cyber threats effectively.
5. Metrics and Assessment: Implement metrics and assessment tools to measure the effectiveness of
cybersecurity education and training programs. Regularly evaluate learner performance and gather
feedback to identify areas for improvement. Adjust the curriculum and delivery methods based on
these assessments.
6. Cross-Functional Collaboration: Foster collaboration between cybersecurity teams and other
departments within the organization, such as IT, legal, and compliance. Cross-functional teams can
work together to develop and implement comprehensive cybersecurity strategies that align with
business objectives.
7. Partnerships with Educational Institutions: Collaborate with educational institutions, universities,
and colleges to establish cybersecurity education programs. These partnerships help bridge
the skills gap by providing a pipeline of qualified cybersecurity professionals.
FUTURE RESEARCH DIRECTIONS
As the dynamic landscape of cybersecurity and education continues to evolve, several promising research
directions emerge:
1. Effective Pedagogical Approaches: Investigate and develop innovative pedagogical approaches
that maximize learning outcomes in cybersecurity education. Explore the effectiveness of different
teaching methods, such as gamification, experiential learning, and adaptive learning platforms.
2. Cybersecurity Workforce Development: Research the long-term impact of investing in cybersecurity
education and training on the overall cybersecurity workforce. Examine how well-prepared
professionals are to address emerging threats and adapt to evolving technologies.
3. Measuring ROI in Cybersecurity Education: Develop comprehensive frameworks for measuring
the return on investment in cybersecurity education and training. Explore the quantifiable and
qualitative factors contributing to ROI and assess how these investments impact an organization’s
cybersecurity posture.
4. Cybersecurity Policy and Regulation: Investigate the relationship between cybersecurity education
and policy development. Explore how effective education and training programs influence the
creation of cybersecurity regulations and standards at both national and international levels.
5. Emerging Technologies: Examine the role of emerging technologies, such as artificial intelligence
and machine learning, in enhancing cybersecurity education and training. Evaluate how these
technologies can be integrated into educational programs to improve threat detection and response
capabilities.
By fostering collaboration between academia, industry, and policymakers, the field of
cybersecurity education can evolve to bridge the knowledge gap and prepare a skilled workforce.
Academic institutions can innovate pedagogical approaches, industry can offer practical insights,
and policymakers can establish regulatory frameworks that incentivize education and training. Together,
these efforts fortify our defenses against digital threats.
CONCLUSION
Effective cybersecurity leadership is paramount in the rapidly evolving landscape of cyber threats.
These leaders must comprehend the intricacies of the ever-changing threat landscape and demonstrate
tangible returns on investment (ROI) for organizations. Failing to plan for ROI can result in unclear
decision-making, risk underestimation, and an inability to prioritize work. A significant challenge in
cybersecurity is the knowledge gap between scientists and practitioners, which can hinder cyber risk
management. Influential cybersecurity leaders require diverse skills, including self-awareness, visionary
thinking, self-regulation, and decisive decision-making. The ROI here extends beyond preventing
cyberattacks to optimizing resource allocation and reducing the costs associated with security breaches.
Prioritizing cybersecurity education and training is crucial. Organizations must foster competencies
such as communication, strategic planning, innovation, and crisis management in their leaders. The
ROI of such investments is evident in reduced security incidents and more efficient incident response,
safeguarding the organization’s financial stability and reputation.
Consistent infusion of cybersecurity education and training throughout organizations is imperative.
This approach ensures team members are well-informed, adaptable to evolving threats, and capable
of effective crisis response. Effective leadership fosters a culture of security awareness and readiness,
enhancing the organization’s ROI.
In this era of digital transformation and cyber risk, cybersecurity leaders play a pivotal role. They
must bridge knowledge gaps, promote education and training, and apply interdisciplinary approaches
effectively. The challenges posed by cyber threats are significant. However, with the right leadership
competencies and a commitment to continuous learning, organizations can navigate these challenges and
emerge more robust and resilient, ultimately achieving a favorable ROI on their cybersecurity investments.
REFERENCES
Boyd, N. E., Zaynutdinova, G. R., Burdette, M., & Burks, N. (2020). Value added: West Virginia Univer-
sity’s approach to innovative experiential learning. Managerial Finance, 46(5), 599–609. doi:10.1108/
MF-08-2018-0403
Brown-Jackson, K. L. (2023). Cybersecurity Leadership: A Healthcare Critical Infrastructure And
Wearables Examination [Unpublished Exegesis]. Capitol Technology University.
Burrell, D. N. (2018). An exploration of the cybersecurity workforce shortage. International Journal of
Hyperconnectivity and the Internet of Things, 2(1), 29–41. doi:10.4018/IJHIoT.2018010103
Burrell, D. N. (2021). Cybersecurity leadership from a talent management organizational development
lens [Unpublished Exegesis]. Capitol Technology University.
Burrell, D. N., Burton, S. L., Nobles, C., Dawson, M. E., & McDowell, T. (2020). Exploring technological
management innovations that include artificial intelligence and other innovations in global food produc-
tion. International Journal of Society Systems Science, 12(4), 267–285. doi:10.1504/IJSSS.2020.112408
Burton, S. L. (2022). Cybersecurity leadership from a Telemedicine/Telehealth knowledge and organi-
zational development examination (Order No. 29066056). Available from ProQuest Central; ProQuest
Dissertations & Theses Global. (2662752457). https://www.proquest.com/dissertations-theses/cyberse-
curity-leadership-telemedicine-telehealth/docview/2662752457/se-2
Burton, S. L., Bessette, D., Brown-Jackson, K. L., & White, Y. W. (2013). ROI: Drilling Down on Cost-
Benefit Components. Proceedings of the SALT Conference, 2013.
Care, E., Kim, H., & Vista, A. (2019, January 30). Education system alignment for 21st century skills:
Focus on assessment. Brookings Institute. https://www.brookings.edu/articles/education-system-align-
ment-for-21st-century-skills/
Carnegie Mellon University. (2023). Why should assessments, learning objectives, and instructional
strategies be aligned? Author. https://www.cmu.edu/teaching/assessment/basics/alignment.html
Cloud Security Alliance. (2023). Maximizing ROI on cybersecurity training. Author. https://cloudsecu-
rityalliance.org/blog/2023/07/25/maximizing-roi-on-cybersecurity-training/
Cramer, J. A., Roy, A., Burrell, A., Fairchild, C. J., Fuldeore, M. J., Ollendorf, D. A., & Wong, P. K.
(2008). Medication compliance and persistence: Terminology and definitions. Value in Health (Wiley-
Blackwell), 11(1), 44–47. doi:10.1111/j.1524-4733.2007.00213.x
196
Cyber Leadership Excellence
Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022).
Cyber risk and cybersecurity: A systematic review of data availability. The Geneva Papers on Risk and
Insurance. Issues and Practice, 47(3), 698–736. doi:10.1057/s41288-022-00266-6 PMID:35194352
Dawson, M., Bacius, R., Gouveia, L. B., & Vassilakos, A. (2021). Understanding the challenge of cyber-
security in critical infrastructure sectors. Land Forces Academy Review, 251(101), 69–75. doi:10.2478/
raft-2021-0011
Dawson, M., & Szakonyi, A. (2020). Cybersecurity education to create awareness in artificial intelligence
applications for developers and end users. Science Bulletin, 25(2), 85–92. doi:10.2478/bsaft-2020-0012
Dougherty, F. (2021, February 16). The future of online learning: the long-term trends accelerated by
Covid-19. The Guardian. https://www.theguardian.com/education/2021/feb/16/the-future-of-online-
learning-the-long-term-trends-accelerated-by-covid-19
Feeney, M., Grohnert, T., Gijselaers, W., & Martens, P. (2023). Organizations, Learning, and Sustain-
ability: A Cross-Disciplinary Review and Research Agenda. Journal of Business Ethics, 184(1), 217–235.
doi:10.1007/s10551-022-05072-7
Fetaji, B., & Fetaji, M. (2009). e-Learning Indicators: A Multi-Dimensional Model for Planning and
Evaluating e-Learning Software Solutions. Electronic Journal of e-Learning, 7(1), 1–28.
Fortinet. (2022). How Is the Skills Gap Creating Cyber Risk? Author. https://www.fortinet.com/blog/
industry-trends/global-cybersecurity-skills-gap-report-findings
Ghonim, N., Khashaba, N., Al-Najaar, H., & Khashan, M. (2020). Strategic alignment and its impact
on decision effectiveness: a comprehensive model. International Journal of Emerging Markets. www.
emerald.com/insight/1746-8809.htm
Graham, S. (2023). Cybersecurity is number one risk for global banks, but geopolitical risk tops European
banks’ concerns. EY. https://www.ey.com/en_gl/news/2023/01/cybersecurity-is-number-one-risk-for-
global-banks-but-geopolitical-risk-tops-european-banks-concerns
Granić, A. (2023). Technology adoption at individual level: toward an integrated overview. Univ Access
Inf Soc. doi:10.1007/s10209-023-00974-3
ISACA. (2022). State of the cybersecurity workforce: New ISACA research shows highest retention
difficulties in years. Author. https://www.isaca.org/about-us/newsroom/press-releases/2022/state-of-the-
cybersecurity-workforce-new-isaca-research-shows-retention-difficulties-in-years
Ives, K., & Seymour, D. M. (2022). Using ROI for strategic planning of online education: A process for
institutional transformation. Routledge.
Jones, L. A. (2020). Reputation Risk and Potential Profitability: Best Practices to Predict and Mitigate
Risk through Amalgamated Factors (Order No. 28152966). Available from ProQuest Central; ProQuest
Dissertations & Theses Global. 28152966). https://www.proquest.com/openview/1dbd40ceb5eacaf981
fd65dd3ee3d9b3/1.pdf?pq-origsite=gscholar&c%20bl=18750&diss=y
197
Cyber Leadership Excellence
Kleinmuntz, D. (2007). Resource Allocation Decisions. In W. Edwards, R. Miles Jr, & D. Von Winterfeldt
(Eds.), Advances in Decision Analysis: From Foundations to Applications (pp. 400–418). Cambridge
University Press. doi:10.1017/CBO9780511611308.021
Kruse, K. (2012, January 16). Stephen Covey: 10 quotes that can change your life. Forbes. https://www.
forbes.com/sites/kevinkruse/2012/07/16/the-7-habits/?sh=4d9e7f8b39c6
Lee, I. (2021). Cybersecurity: Risk management framework and investment cost analysis. Business
Horizons, 64(5), 659–671. doi:10.1016/j.bushor.2021.02.022
Marseille, E., & Kahn, J. G. (2019). Utilitarianism and the ethical foundations of cost-effectiveness
analysis in resource allocation for global health. Philosophy, Ethics, and Humanities in Medicine; PEHM,
14(5), 5. Advance online publication. doi:10.1186/s13010-019-0074-7 PMID:30944009
Milella, F., Minelli, E. A., Strozzi, F., & Croce, D. (2021). Change and Innovation in Healthcare: Find-
ings from Literature. ClinicoEconomics and Outcomes Research, 13, 395–408. doi:10.2147/CEOR.
S301169 PMID:34040399
Morris, G. F. (2019). The cyber-security concerns regarding the internet of things associated with the
critical infrastructure within Northern Nevada (Order No. 13428023). Available from ProQuest Central;
ProQuest Dissertations & Theses Global. (2185755372). https://www.proquest.com/dissertations-theses/
cyber-security-concerns-regarding-internet-things/docview/2185755372/se-2?accountid=167615
Muller, S. R. (2021). A Perspective On the intersection of information security policies and I.A. awareness,
factoring in end-user behavior. Proceedings of the International Conference on Research in Management
& Technovation, 137–142. 10.15439/2020KM1
Murphey, D. (2020). How your H.R. department can help to overcome the cybersecurity skills gap.
BenefitsPRO. https://www.proquest.com/trade-journals/how-your-hr-department-can-help-overcome/
docview/2376391277/se-2?accountid=167615
Murray, S. (2018, July 12). MBA courses start teaching digital security skills: Education business
schools add cyber to the curriculum as attacks become a boardroom matter. Financial Times. https://
www.proquest.com/newspapers/mba-courses-start-teaching-digital-security/docview/2086913126/se-
2?accountid=167615
Nobles, C. (2019). Establishing human factors programs to mitigate blind spots in cybersecurity. Mid-
west Association for Information Systems 2019 Proceedings, 22. https://aisel.aisnet.org/mwais2019/22
Orlanova, A. I. (2012). Continuous education for the knowledge society. Russian Education & Society,
54(4), 3–13. doi:10.2753/RES1060-9393540401
Pressley, A. (2023). 85% of cyber leaders believe AI will outpace cyber defences. Intelligent CISO.
https://www.intelligentciso.com/2023/09/20/85-of-cyber-leaders-believe-ai-will-outpace-cyber-defences/
Roy, P. P. (2020). A high-level comparison between the NIST Cyber Security Framework and the ISO
27001 Information Security Standard. 2020 National Conference on Emerging Trends on Sustainable
Technology and Engineering Applications (NCETSTEA). 1-3. 10.1109/NCETSTEA48365.2020.9119914
198
Cyber Leadership Excellence
Saghafian, M., Laumann, K., & Skogstad, M. R. (2021). Stagewise Overview of Issues Influencing
Organizational Technology Adoption and Use. Frontiers in Psychology, 12, 630145. doi:10.3389/
fpsyg.2021.630145 PMID:33815216
Shakya, B., Schneider, F., Yang, Y., & Sharma, E. (2019). A Multiscale Transdisciplinary Framework
for Advancing the Sustainability Agenda of Mountain Agricultural Systems. Mountain Research and
Development, 39(3). Advance online publication. doi:10.1659/MRD-JOURNAL-D-18-00079.1
Shibly, H. R., Abdullah, A., & Murad, M. W. (2022). Adoption of Innovative Technology. In ERP Adop-
tion in Organizations. Palgrave Macmillan. doi:10.1007/978-3-031-11934-7_3
Tan, F. Z. & Olaore. (2021). Effect of organizational learning and effectiveness on the operations, em-
ployees productivity and management performance. XIMB Journal of Management, 19(2), 110-127.
https://www.emerald.com/insight/content/doi/10.1108/XJM-09-2020-0122/full/html
Tehlia, S. (2023, August 16). Cybersecurity as a strategic investment: How ROI optimization can lead to
a more secure future. Forbes. https://www.forbes.com/sites/forbestechcouncil/2023/08/16/cybersecurity-
as-a-strategic-investment-how-roi-optimization-can-lead-to-a-more-secure-future/?sh=1982a66c4cf7
University of Southern California. (2023). Theoretical framework. Author. https://libguides.usc.edu/
writingguide/theoreticalframework
KEY TERMS AND DEFINITIONS
Cyber Risk Management: Cyber risk management involves identifying, assessing, and mitigating
potential threats and vulnerabilities in an organization’s digital infrastructure and data assets. It involves
strategies and practices aimed at protecting these assets from cyberattacks and minimizing the impact
of security breaches.
Cybersecurity Leadership: Cybersecurity leadership pertains to individuals or teams responsible
for guiding and overseeing an organization’s cybersecurity efforts. This includes setting strategic objectives,
making decisions about resource allocation, and ensuring that cybersecurity measures align with
the organization’s goals and risk tolerance.
Education and Training: Education and training in the context of cybersecurity involve programs
and activities designed to impart knowledge and develop skills related to information security. This
includes teaching employees and stakeholders about best practices, policies, and procedures to protect
against cyber threats.
Knowledge Gap: A knowledge gap represents the disparity between what individuals or organizations
currently know and understand and what they need to know to achieve specific objectives or address
challenges effectively. In cybersecurity, a knowledge gap could refer to the difference between an
organization’s current security knowledge and the knowledge required to protect against cyber threats
adequately.
NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST)
Cybersecurity Framework is a set of guidelines, best practices, and standards developed by the U.S.
government to help organizations manage and improve their cybersecurity risk management processes.
It provides a structured approach for organizations to identify, protect, detect, respond to, and recover
from cyber threats.
Organizational Goals: Organizational goals are specific, measurable, and time-bound objectives that
an organization aims to achieve in order to fulfill its mission and vision. These goals provide a sense of
direction and purpose, guiding the actions and decisions of the organization.
Return on Investment (ROI): Return on Investment is a financial metric that measures the profitability
and efficiency of an investment. In the context of cybersecurity, it assesses the financial benefits
or gains compared to the costs of implementing cybersecurity measures. A positive ROI indicates that
the investment has generated a return greater than its initial cost.
Strategy: Strategy refers to a long-term plan or approach that an organization develops to achieve its
goals and objectives. It involves making decisions about resource allocation, competitive positioning,
and the actions necessary to succeed in a particular market or domain.