A systematic synthesis of critical success factors for cybersecurity

Abstract

Extant studies suggest that cybersecurity is critical and among the IT spending priorities of organizations. In response, the literature draws attention to the cybersecurity critical success factors (CSFs) that enable organizations to focus their scarce resources accordingly. Following a systematic literature review method, we analyze and synthesize extant CSF studies on cybersecurity implementation and management for organizations. Then, drawing on the synthesized CSFs and blending them with IT capability theory, we present an overarching cybersecurity CSF framework building upon 79 cybersecurity elements grouped into 11 CSFs under five dimensions of cybersecurity capability: organizational, infrastructural, strategic, process, and external. In addition, the descriptive analysis of the search results reveals the importance of the various factors and capabilities, the trend of the cybersecurity capability dimensions, the frequency and types of research methods, and the contextual impact of the factors. This research makes an important contribution to the literature on cybersecurity management. The CSF framework serves as the foundation for future researchers interested in measuring organizational cybersecurity success. In addition, practitioners can employ the synthesized CSFs and associated elements to guide their cybersecurity management.