The role of leadership in cybersecurity culture within the South African financial services
Date
2020
Authors
Mataruse, Robert Tutsirayi
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
The purpose of this study is to explore the role of leadership in cybersecurity culture within the South African financial services sector. The study is based on a qualitative case study on one of South Africa’s major financial services institution. The organisation in this study processes large volumes of transactional data containing personally identifiable information daily and is currently undergoing a massive organisational transformation aligned to its new strategy.
Face to face semi-structured interviews conducted with senior managers in the organisation served as the primary source of data collection. The interviews were recorded and transcribed for analysis. Publicly available documents and observations of the context provided secondary data sources.
The findings of the study show that awareness education is critical in the communication and creation of a common and shared understanding of the cybersecurity risks and expected behaviour and attitudes. The development of a shared understanding within an organisation is critical to the development of desired behaviours and norms and in turn, culture. The leadership reinforces the awareness message for desired behaviour by being exemplary and authentically living out the values through their leadership style. The leaders’ leadership styles vary on the transactional-transformational leadership continuum.
The organisation has a well-formed compliance culture for risk mitigation. Cybersecurity is an emerging risk type making the development of cybersecurity culture complementary to the existing compliance culture. Due to the qualitative nature of this single case study, the results are not representative of all organisations in the sector; however, they can be used to evaluate how other organisations are developing cybersecurity culture both within and without the sector.
Description
A research report submitted in partial fulfilment of the requirements for the degree of Master of Management in the field of Digital Business to the Faculty of Commerce, Law and Management, University of the Witwatersrand, Johannesburg, 2020
Keywords
Cybersecurity culture, Leadership, Leadership style, Organisational culture, Organisational design, Change management