Guidelines for non-profit organisation governance in cyber resilience

Abstract

Previous research on corporate governance and cyber security risk management has focused primarily on large for-profit organisations. Although this paper includes a focus on cyber resilience strategies non-profit organisation leaders use, a significant aspect of the research exploration is applicable to the growing need for both for-profit and non-profit businesses to develop cyber resilience guidelines to sustain their organisations’ abilities to detect, withstand and recover from cyberattacks and threats. Despite the growing awareness of the importance of cyber resilience, the problem addressed was that a considerable number of organisation senior executives continue to demonstrate an unpreparedness to address information security cybercrime issues and cyber resilience decisions. As a consequence, a single set of standard cyber security risk management procedures related to non-profit organisation cyber resilience decisions did not exist to justify how nonprofit organisation leaders addressed existing network security procedures, implemented strategies or achieved cyber resilience success. This is and has been arguably the most significant threat non-profit organisation leaders have experienced. The goal of this paper is to provide an understanding of non-profit organisation leaders — board chairman, board of directors, executive directors and other executives — cyber security risk management procedures and strategies for cyber resilience board governance in an urban metropolitan city area in the southeastern US. Emerging cyber resilience network security trends and technologies are identified to include the ways non-profit organisation leaders responded to the COVID-19 pandemic health crisis.