Cybersecurity Governance in the Age of Disruption: An Ambidextrous Approach with Insights from Regional Strategies and the Energy Sector

Abstract

The rapidly changing Cybersecurity landscape challenges organisations to develop effective governance mechanisms that respond to evolving business, regulatory, and technical environments. Despite growing attention, substantial uncertainties remain around effective Cybersecurity governance practices. This thesis applies ambidexterity theory to propose a novel governance approach that balances exploration and exploitation to address evolving cyber threats. The research identifies gaps in the literature, particularly regarding the conceptualisation of Cybersecurity governance, exploration of alternative governance models, broadening of theoretical perspectives, and the empirical study of critical infrastructure. It critically analyses existing frameworks and standards, highlighting inconsistencies and proposing an improved model for evaluating governance effectiveness. The study emphasises the need for alternative strategies to address the dynamic threat landscape, especially in the energy sector, drawing on management, economics, sociology, and organisational studies to enhance governance approaches. A regional analysis of Cybersecurity strategies in Australia and New Zealand provides contextual insights, informing a detailed case study of the energy sector. This highlights sector-specific strategies to balance innovation and operational excellence. The focus on critical infrastructure underscores Cybersecurity’s importance in sectors vital to societal and economic stability, addressing a significant research gap. Employing a qualitative methodology, including interviews and document analysis, the research ensures reliability and credibility. Overall, this thesis advances both theoretical and practical understanding of Cybersecurity governance, offering valuable insights for academia and practice in navigating the complexities of Cybersecurity in critical infrastructures.