Cybersecurity Leadership as Governance: A Constructivist Grounded Theory of Digital Risk Stewardship in Public Education
Authors
Faculty of Educational Studies Universiti Putra Malaysia (Malaysia)
Faculty of Educational Studies Universiti Putra Malaysia (Malaysia)
Article Information
DOI: 10.47772/IJRISS.2026.10200330
Subject Category: Social science
Volume/Issue: 10/2 | Page No: 4502-4517
Publication Timeline
Submitted: 2026-02-21
Accepted: 2026-02-26
Published: 2026-03-09
Abstract
Digital transformation has intensified reliance on digital infrastructures within public education while simultaneously amplifying institutional exposure to cybersecurity risks. Yet educational leadership scholarship continues to privilege innovation and digital maturity, leaving cybersecurity under-theorised as a governance responsibility. Addressing this gap, this study developed a constructivist grounded theory of Cybersecurity Leadership within Malaysia’s public education system. Drawing on 26 semi-structured interviews across school, district, and policy levels, constant comparative analysis generated a multidimensional governance model. Findings reveal a governance internalisation process in which digital risk shifts from delegated technical management to executive accountability. Six interdependent dimensions were identified: strategic governance integration, risk-informed decision-making, cultural reinforcement, capability development, crisis leadership, and ethical stewardship. Through their recursive interaction, these dimensions generate institutional resilience and digital trust. The study reframes cybersecurity as a core executive leadership competency embedded within strategic direction-setting rather than a peripheral compliance function. By integrating socio-technical systems and organisational resilience perspectives, it advances digital leadership theory beyond innovation-centric paradigms and positions risk-informed governance as a foundational principle of sustainable digital transformation in public education.
Keywords
cybersecurity leadership, digital governance, educational leadership, grounded theory
Downloads
References
1. Adelusi, B. S., Ojika, F. U., & Uzoka, A. C. (2022). Advances in data lineage, auditing, and governance in distributed cloud data ecosystems. Shodhshauryam, International Scientific Refereed Research Journal, 5(4), 245-273. [Google Scholar] [Crossref]
2. Afolalu, O., & Tsoeu, M. S. (2025). Cybersecurity in Higher Education Institutions: A Systematic Review of Emerging Trends, Challenges and Solutions. Future Internet, 17(12), 575. [Google Scholar] [Crossref]
3. Akkaya, B. (2023). Grounded theory: A comprehensive examination of data coding. International Journal of Contemporary Educational Research, 10(1), 89-103. [Google Scholar] [Crossref]
4. Ali, H. M., Ranse, J., Roiko, A., & Desha, C. (2022). Investigating organizational learning and adaptations for improved disaster response towards “resilient hospitals:” An integrative literature review. Prehospital and disaster medicine, 37(5), 665-673. [Google Scholar] [Crossref]
5. Ali, M. G. (2025). Cybersecurity Governance and Policy Development in Higher Education Institutions: A Strategic Framework for Resilience and Compliance. Online Submission. [Google Scholar] [Crossref]
6. Aras, A., & Büyüközkan, G. (2023). Digital transformation journey guidance: A holistic digital maturity model based on a systematic literature review. Systems, 11(4), 213. [Google Scholar] [Crossref]
7. Arora, A. (2025). Zero Trust Architecture: Revolutionizing Cybersecurity for Modern Digital Environments. Available at SSRN 5268151. [Google Scholar] [Crossref]
8. Assefa, E. A., & Mujtaba, B. G. (2025). Exploring transformational leadership in education by leveraging diversity and technology for inclusive practices. International Journal of Public Leadership, 21(4), 356-375. [Google Scholar] [Crossref]
9. Atasever, M., & Özen, E. (2025). The Relationship between Financial Information Security Management and Corporate Risk Management. [Google Scholar] [Crossref]
10. Bozdağ, A. A. (2024). Leadership Dynamics and Organizational Behavior in the Tech Industry: The Case of OpenAI. Journal of Organizational Behavior Review, 6(2), 158-186. [Google Scholar] [Crossref]
11. Barruga, M. B. (2025). Systematic Review Of Cybersecurity Frameworks For Higher Education Institutions: Characteristics, Components, And Challenges. International Journal of Applied Mathematics, 38(4s). [Google Scholar] [Crossref]
12. Bento, F., Adenusi, T., & Khanal, P. (2023). Middle level leadership in schools: a scoping review of literature informed by a complex system perspective. International Journal of Leadership in Education, 1-27. [Google Scholar] [Crossref]
13. Blown, E. J., & Bryce, T. G. (2022). When is an interview an inter view? The historical and recent development of methodologies used to investigate children’s astronomy knowledge. Research in Science Education, 52(6), 1869-1908. [Google Scholar] [Crossref]
14. Bobbink, P., Larkin, P., & Probst, S. (2024). Application and challenges of using a Constructivist Grounded Theory methodology to address an undertheorized clinical challenge: A discussion paper. International journal of nursing studies advances, 6, 100199. [Google Scholar] [Crossref]
15. Bouncken, R. B., Czakon, W., & Schmitt, F. (2025). Purposeful sampling and saturation in qualitative research methodologies: recommendations and review. Review of Managerial Science, 1-37. [Google Scholar] [Crossref]
16. Bwiino, K., Mayoka, G. K., Nkamwesiga, L., & Nyamadi, M. (2026). A Systematic Literature Review of Information Security Practices in Higher Education Contexts. IET Information Security, 2026(1), 6324508. [Google Scholar] [Crossref]
17. Chavarnakul, T., Xu, L. D., Bi, Z., Shankar, A., Dhiman, G., Viriyasitavat, W., & Hoonsopon, D. (2025). A Systematic Literature Review on Resilient Digital Transformation, Examining How Organizations Sustain Digital Capabilities. HighTech and Innovation Journal, 6(2). [Google Scholar] [Crossref]
18. Christodoulou, I. P., Rizomyliotis, I., Konstantoulaki, K., Alfiero, S., Hasanago, S., & Paolone, F. (2025). Investigating the key success factors within business models that facilitate long‐term value creation for sustainability‐focused start‐ups. Business Ethics, the Environment & Responsibility, 34(3), 936-950. [Google Scholar] [Crossref]
19. Daher, W. (2023). Saturation in qualitative educational technology research. Education Sciences, 13(2), 98. [Google Scholar] [Crossref]
20. Dahmen, P. (2023). Organizational resilience as a key property of enterprise risk management in response to novel and severe crisis events. Risk Management and Insurance Review, 26(2), 203-245. [Google Scholar] [Crossref]
21. Devarajan, Y., Thandavamoorthy, R., Thatoi, D. N., Jangid, P. K., Manjunath, H. R., Zalawadia, J., ... & Mehar, K. (2026). Advancing SDG-7 for affordable and clean energy: decentralized energy access pathways, policy–finance barriers, and AI-enabled transition strategies. International Journal of Sustainable Energy, 45(1), 2620883. [Google Scholar] [Crossref]
22. Davidson, T., Wall, E., & Mace, J. (2023). A qualitative interview study of distributed tracing visualisation: A characterisation of challenges and opportunities. IEEE Transactions on Visualization and Computer Graphics, 30(7), 3828-3840. [Google Scholar] [Crossref]
23. Efe, A. (2025). Risk Modeling of Challenges and Opportunities in Harmonizing Traditional IT Governance with Emerging Cloud Governance Frameworks. Pamukkale Üniversitesi İşletme Araştırmaları Dergisi, 12(2), 411-435. [Google Scholar] [Crossref]
24. García-Nieto, M., Bueno-Rodríguez, V., Ramón-Jerónimo, J. M., & Flórez-López, R. (2024). Trends and risks in mergers and acquisitions: A review. Risks, 12(9), 143. [Google Scholar] [Crossref]
25. Garcez, A., Silva, R., & Franco, M. (2022). Digital transformation shaping structural pillars for academic entrepreneurship: A framework proposal and research agenda. Education and Information Technologies, 27(1), 1159-1182. [Google Scholar] [Crossref]
26. Gooderham, P., Schmeisser, B., Saebi, T., & Schotter, A. P. J. (2026). The digital transformation of international business: a conceptualization, multidisciplinary review, and research agenda. Journal of World Business, 61(1). [Google Scholar] [Crossref]
27. Hammar Chiriac, E., Forsberg, C., & Thornberg, R. (2023). Teachers’ perspectives on factors influencing the school climate: A constructivist grounded theory case study. Cogent Education, 10(2), 2245171. [Google Scholar] [Crossref]
28. Hanafizadeh, P., & Mehrasa, S. (2025). Governance system design model in platform ecosystems by a socio-technical systems theory. Digital Policy, Regulation and Governance. [Google Scholar] [Crossref]
29. Haque, G. M. M., Akula, D. K., Mohammed, Y. S., Syed, A., & Arafat, Y. (2025). Cybersecurity risk management in the age of digital transformation: A systematic literature review. Emerging Frontiers Library for The American Journal of Engineering and Technology, 7(8), 126-150. [Google Scholar] [Crossref]
30. Hossain, S. T., Yigitcanlar, T., Nguyen, K., & Xu, Y. (2024). Understanding local government cybersecurity policy: A concept map and framework. Information, 15(6), 342. [Google Scholar] [Crossref]
31. Hossan, D., Wolfs, B., & Petkovic, M. (2025). Questionnaire validity and reliability: A review with practical guidelines. Journal of Entrepreneurship, Business and Economics, 13(1), 135-186. [Google Scholar] [Crossref]
32. Isa, R. A., Setiawan, B., & Pakaja, F. (2026). Cybersecurity awareness in the digital commerce ecosystem: factor analysis, program impact and future trends for consumers and MSMEs. Information & Computer Security, 1-26. [Google Scholar] [Crossref]
33. Iyer, S. S., & Raji, B. (2025). Cybersecurity culture and organizational resilience: A human-centered approach to digital risk management. American Journal of Industrial and Business Management, 15(5), 748-766. [Google Scholar] [Crossref]
34. Jalonen, H. (2025). A complexity theory perspective on politico-administrative systems: Insights from a systematic literature review. International Public Management Journal, 28(1), 1-21. [Google Scholar] [Crossref]
35. Kakar, Z. U. H., Rasheed, R., Rashid, A., & Akhter, S. (2023). Criteria for assessing and ensuring the trustworthiness in qualitative research. [Google Scholar] [Crossref]
36. Kamal, M. B., Hossain, M. B., Islam, J., Alam, I. K., Ibn Sayed, N., Assiri, M. A., & Mia, R. (2025). Digital ethics: A review of leadership theories, challenges, and responsibilities. Sage Open, 15(4), 21582440251386901. [Google Scholar] [Crossref]
37. Kesar, B. (2025). Impact of social media adoption on stakeholder engagement and trust. Management Matters, 1-29. [Google Scholar] [Crossref]
38. Khadka, K., & Ullah, A. B. (2025). Human factors in cybersecurity: an interdisciplinary review and framework proposal: K. Khadka, AB Ullah. International Journal of Information Security, 24(3), 119. [Google Scholar] [Crossref]
39. Khan, M. I., & Khan, A. N. (2024). Exploring Management Practices and Theories through Grounded Theory: A Review. Journal of Policy Options, 7(3), 39-46. [Google Scholar] [Crossref]
40. Kin Heng, B. T., & Ng, M. Z. (2025). A Review of the Lifelong Learning and Continuing Education System in Singapore. Qualitative Report, 30(11). [Google Scholar] [Crossref]
41. Kouam, A. W. F. (2025). A systematic literature review of post-positivism and critical realism as epistemological frameworks in educational research. International Journal of Changes in Education, 2(2), 115-122. [Google Scholar] [Crossref]
42. Leung, S. L. T., Ho, W., & Tam, W. K. C. (2026). Professional Development in Enhancing Teachers’ Cybersecurity Awareness: Current Status and Future Directions of Media Literacy Training. Education Sciences, 16(2), 196. [Google Scholar] [Crossref]
43. Lian, Y., Deeprasert, J., & Jiang, S. (2025). Cognitive–Affective Negotiation Process in Green Food Purchase Intention: A Qualitative Study Based on Grounded Theory. Foods, 14(16), 2856. [Google Scholar] [Crossref]
44. Lim, W. M. (2025). What is qualitative research? An overview and guidelines. Australasian marketing journal, 33(2), 199-229. [Google Scholar] [Crossref]
45. Mehta, M., Pancholi, G., & Saxena, A. (2024). Organizational resilience and sustainability: a bibliometric analysis. Cogent Business & Management, 11(1), 2294513. [Google Scholar] [Crossref]
46. Mishra, A., Alzoubi, Y. I., Anwar, M. J., & Gill, A. Q. (2022). Attributes impacting cybersecurity policy development: An evidence from seven nations. Computers & Security, 120, 102820. [Google Scholar] [Crossref]
47. Mızrak, F. (2023). Integrating cybersecurity risk management into strategic management: a comprehensive literature review. Research Journal of Business and Management, 10(3), 98-108. [Google Scholar] [Crossref]
48. Musole, E. (2026). Embedding Ubuntu and Indigenous Business Insights in Zambia: Advancing [Google Scholar] [Crossref]
49. a Neuro-Responsible Governance Framework for the Global South. International Journal of Advanced Business Studies, 5(1), 62-78. [Google Scholar] [Crossref]
50. Nasir, M. S., Khan, H., Qureshi, A., Rafiq, A., & Rasheed, T. (2024). Ethical Aspects In Cyber Security Maintaining Data Integrity and Protection: A Review. Spectrum of engineering sciences, 420-454. [Google Scholar] [Crossref]
51. Nguyen, L. T., & Tuamsuk, K. (2022). Digital learning ecosystem at educational institutions: A content analysis of scholarly discourse. Cogent Education, 9(1), 2111033. [Google Scholar] [Crossref]
52. Paapa, C., & Kambona, O. O. (2025). A critical review of grounded theory and thematic analysis in qualitative research: A way forward for qualitative Researchers. International Journal of Science and Research Archive, 16(3), 302-313. [Google Scholar] [Crossref]
53. Paigude, S. D., Pangarkar, S. C., Dari, S. S., Patil, M., & Gujar, S. N. (2024). A review of cybersecurity policies in the public sector: Challenges and solutions. Computer Fraud & Security, 2024(7), 7-12. [Google Scholar] [Crossref]
54. Perifanis, N. A., & Kitsios, F. (2023). Investigating the influence of artificial intelligence on business value in the digital era of strategy: A literature review. Information, 14(2), 85. [Google Scholar] [Crossref]
55. Pham, M. T., & Nguyen, L. H. (2023). A Comparative Review of Cybersecurity Standards and Frameworks: Supporting Information Assurance in Government and Industry Systems. Transactions on Machine Learning, Artificial Intelligence, and Advanced Intelligent Systems, 13(8), 1-15. [Google Scholar] [Crossref]
56. Pradana, D. W., & Ekowati, D. (2024). Future organizational resilience capability structure: a systematic review, trend and future research directions. Management Research Review, 47(10), 1586-1605. [Google Scholar] [Crossref]
57. Quainoo, C. R., & Ahad, M. A. R. (2026). The Role of Information Security in Responsible AI for Digital SMEs: A Systematic Review of Frameworks, Challenges, and Best Practices. Journal of Ethics and Emerging Technologies, 36(1), 1-29. [Google Scholar] [Crossref]
58. Qureshi, R., & Koo, I. (2026). A Comprehensive Survey of Cybersecurity Threats and Data Privacy Issues in Healthcare Systems. Applied Sciences, 16(3), 1511. [Google Scholar] [Crossref]
59. Recker, J., Chatterjee, S., Sundermeier, J., & Tarafdar, M. (2025). Digital responsibility: Current perspectives and future directions. Journal of the Association for Information Systems, 26(5), 1222-1238. [Google Scholar] [Crossref]
60. Reissner, S., & Whittle, A. (2022). Interview-based research in management and organisation studies: making sense of the plurality of methodological practices and presentational styles. Qualitative Research in Organizations and Management: An International Journal, 17(1), 61-83. [Google Scholar] [Crossref]
61. Safari, K., McKenna, L., & Davis, J. (2023). Promoting generalisation in qualitative nursing research using the multiple case narrative approach: a methodological overview. Journal of Research in Nursing, 28(5), 367-381. [Google Scholar] [Crossref]
62. Savaş, S., & Karataş, S. (2022). Cyber governance studies in ensuring cybersecurity: an overview of cybersecurity governance. International Cybersecurity Law Review, 3(1), 7-34. [Google Scholar] [Crossref]
63. Shava, G. N., Sibanda, S., Moyo, S., Bapire, K., & Mathonsi, E. (2022). Grounded Theory in Educational Research, Features and Processes a Review of Literature. International Journal of Research and Innovation in Social Science, VI, 811-818. [Google Scholar] [Crossref]
64. Soysal, Y., & Türkmen, S. (2024). Reinterpreting the member checking validation strategy in qualitative research through the hermeneutics lens. Qualitative Inquiry in Education: Theory & Practice, 2(1), 42-63. [Google Scholar] [Crossref]
65. Suleman, T. A., Okimiji, O. P., Atoro, T. K., & Adejo, J. E. (2025). Deployment of ChatGPT in Nigerian Universities: Addressing Research Challenges and Ethical Considerations. LASU Journal of Environmental Sciences, 1(1), 338-363. [Google Scholar] [Crossref]
66. Tharwat, H., Hafez, S. T., Elgohary, I. E., & Hassanein, A. (2025). A decade of cybersecurity research in internal auditing: bibliometric mapping and future research agenda. Discover Sustainability, 6(1), 1066. [Google Scholar] [Crossref]
67. Urquhart, C., Cheuk, B., Lam, L., & Snowden, D. (2025). Sense‐making, sensemaking and sense making—A systematic review and meta‐synthesis of literature in information science and education: An Annual Review of Information Science and Technology (ARIST) paper. Journal of the Association for Information Science and Technology, 76(1), 3-97. [Google Scholar] [Crossref]
68. Watini, S., Davies, G., & Andersen, N. (2024). Cybersecurity in learning systems: Data protection and privacy in educational information systems and digital learning environments. International Transactions on Education Technology (ITEE), 3(1), 26-35. [Google Scholar] [Crossref]
69. Wendt-Lucas, N., Thomson Ek, H., Brynteson, M., & Jessen, S. (2025). Smart communities in the Nordic-Baltic region: a literature review: indicators and policies for bridging the urban-rural digital divide. [Google Scholar] [Crossref]
70. Wissemann, A. K., Pit, S. W., Serafin, P., & Gebhardt, H. (2022). Strategic guidance and technological solutions for human resources management to sustain an aging workforce: review of international standards, research, and use cases. JMIR Human Factors, 9(3), e27250. [Google Scholar] [Crossref]
71. Zamil, M. H., & Faruq, M. O. (2022). Cybersecurity And Data Integrity in Financial Systems: A Review Of Risk Mitigation And Compliance Models. International Journal of Scientific Interdisciplinary Research, 1(01), 27-61. [Google Scholar] [Crossref]
Metrics
Views & Downloads
Similar Articles
- The Impact of Ownership Structure on Dividend Payout Policy of Listed Plantation Companies in Sri Lanka
- Urban Sustainability in North-East India: A Study through the lens of NER-SDG index
- Performance Assessment of Predictive Forecasting Techniques for Enhancing Hospital Supply Chain Efficiency in Healthcare Logistics
- The Fractured Self in Julian Barnes' Postmodern Fiction: Identity Crisis and Deflation in Metroland and the Sense of an Ending
- Impact of Flood on the Employment, Labour Productivity and Migration of Agricultural Labour in North Bihar