{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T19:43:10Z","timestamp":1776109390103,"version":"3.50.1"},"reference-count":36,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T00:00:00Z","timestamp":1755475200000},"content-version":"vor","delay-in-days":229,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100023260","name":"Jeremy Coller Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100023260","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004375","name":"Tel Aviv University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004375","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>This paper designs and offers a framework that expands a strategic sensemaking approach that boards of directors can follow and apply in order to improve their oversight over cybersecurity threats looming over their organizations. We explain how this sensemaking process, which involves scanning, interpretation, and action activities, unfolds across the different phases\u2014in routine (prior to the cybersecurity event), under the attack (during the cybersecurity event), and recovery (post-cybersecurity breach event). We use real case studies to illustrate the process in ways that deepen the understanding regarding the processes boards of directors should use to guide their organizations.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf021","type":"journal-article","created":{"date-parts":[[2025,8,5]],"date-time":"2025-08-05T11:35:14Z","timestamp":1754393714000},"source":"Crossref","is-referenced-by-count":2,"title":["A strategic cybersecurity oversight framework: a board\u2019s imperative"],"prefix":"10.1093","volume":"11","author":[{"given":"Yaniv","family":"Harel","sequence":"first","affiliation":[{"name":"ICRC\u2014Interdisciplinary Cyber Research Center, Tel Aviv University , Ramat-Aviv, Tel Aviv 69978 ,","place":["Israel"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1968-8998","authenticated-orcid":false,"given":"Abraham","family":"Carmeli","sequence":"additional","affiliation":[{"name":"Faculty of Management-Coller School of Management, Tel Aviv University , Ramat-Aviv, Tel Aviv 69978 ,","place":["Israel"]}]}],"member":"286","published-online":{"date-parts":[[2025,8,18]]},"reference":[{"key":"2025081807571027300_bib1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.ssci.2020.105143","article-title":"Defining cyber risk","volume":"135","author":"Strupczewski","year":"2021","journal-title":"Saf Sci"},{"key":"2025081807571027300_bib2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1093\/cybsec\/tyae013","article-title":"\u2018There was a bit of PTSD every time I walked through the office door\u2019: ransomware harms and the factors that influence the victim organization\u2019s experience","volume":"10","author":"Mott","year":"2024","journal-title":"J Cybersecur"},{"key":"2025081807571027300_bib3","doi-asserted-by":"publisher","first-page":"1319","DOI":"10.1002\/smj.640","article-title":"Explicating dynamic capabilities: the nature and microfoundations of (sustainable) enterprise performance","volume":"28","author":"Teece","year":"2007","journal-title":"Strateg Manag J"},{"key":"2025081807571027300_bib4","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1016\/j.cose.2009.04.006","article-title":"Human and organizational factors in computer and information security: pathways to vulnerabilities","volume":"28","author":"Kraemer","year":"2009","journal-title":"Comput Secur"},{"key":"2025081807571027300_bib5","volume-title":"Cyber-Risk Oversight: Director\u2019s Handbook Series","author":"National Association of Corporate Directors","year":"2020","edition":"5th edn."},{"key":"2025081807571027300_bib6","doi-asserted-by":"publisher","first-page":"253","DOI":"10.2753\/MIS0742-1222260409","article-title":"A service science perspective on strategic choice, IT, and performance in U.S. banking","volume":"26","author":"Tallon","year":"2010","journal-title":"J Manag Inf Syst"},{"key":"2025081807571027300_bib7","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1086\/467037","article-title":"Separation of ownership and control","volume":"26","author":"Fama","year":"1983","journal-title":"J Law Econ"},{"key":"2025081807571027300_bib8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1093\/cybsec\/tyad018","article-title":"Executive decision-makers: a scenario-based approach to assessing organizational cyber-risk perception","volume":"9","author":"Parkin","year":"2023","journal-title":"J Cybersecur"},{"key":"2025081807571027300_bib9","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3057729","article-title":"Cyber security and the role of intelligent systems in addressing its challenges","volume":"8","author":"Harel","year":"2017","journal-title":"ACM Trans Intell Syst Technol"},{"key":"2025081807571027300_bib10","article-title":"Boards are having the wrong conversations about cybersecurity","author":"Milic\u0103","year":"2023","journal-title":"Harvard Bus Rev"},{"key":"2025081807571027300_bib40_207_143125","article-title":"Living in \"interesting\" times: The 2024 board agenda","author":"Deloitte","year":"2024"},{"key":"2025081807571027300_bib41_546_143625","author":"National Association of Corporate Directors (NACD)","year":"2023"},{"key":"2025081807571027300_bib11","volume-title":"The External Control of Organizations: A Resource Dependence Perspective","author":"Pfeffer","year":"1978"},{"key":"2025081807571027300_bib12","doi-asserted-by":"publisher","first-page":"147","DOI":"10.2307\/2095101","article-title":"The iron cage revisited: institutional isomorphism and collective rationality in organizational fields","volume":"48","author":"DiMaggio","year":"1983","journal-title":"Am Sociol Rev"},{"key":"2025081807571027300_bib13","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1002\/smj.4250120604","article-title":"Sensemaking and sensegiving in strategic change initiation","volume":"12","author":"Gioia","year":"1991","journal-title":"Strateg Manag J"},{"key":"2025081807571027300_bib14","doi-asserted-by":"publisher","first-page":"1331","DOI":"10.1111\/joms.12613","article-title":"Of organizing and sensemaking: from action to meaning and back again in a half-century of Weick\u2019s theorizing","volume":"57","author":"Glynn","year":"2020","journal-title":"J Manag Stud"},{"key":"2025081807571027300_bib39","volume-title":"Sensemaking in Organizations","author":"Weick","year":"1995"},{"key":"2025081807571027300_bib15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1093\/cybsec\/tyad015","article-title":"Predictive taxonomy analytics (LASSO): predicting outcome types of cyber breach","volume":"9","author":"Goh","year":"2023","journal-title":"J Cybersecur"},{"key":"2025081807571027300_bib16","doi-asserted-by":"publisher","first-page":"239","DOI":"10.5465\/256522","article-title":"Strategic sensemaking and organizational performance: linkages among scanning, interpretation, action, and outcomes","volume":"36","author":"Thomas","year":"1993","journal-title":"AMJ"},{"key":"2025081807571027300_bib17","doi-asserted-by":"publisher","first-page":"763","DOI":"10.5465\/amr.1986.4283930","article-title":"Developing a process model of problem recognition","volume":"11","author":"Cowan","year":"1986","journal-title":"AMR"},{"key":"2025081807571027300_bib18","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1002\/smj.4250090604","article-title":"Measuring and modelling changes in strategy: theoretical foundations and empirical directions","volume":"9","author":"Ginsberg","year":"1988","journal-title":"Strateg Manag J"},{"key":"2025081807571027300_bib19","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1111\/corg.12167","article-title":"Advancing the corporate governance research agenda","volume":"24","author":"Aguilera","year":"2016","journal-title":"Corp Gov"},{"key":"2025081807571027300_bib20","doi-asserted-by":"publisher","first-page":"371","DOI":"10.2307\/30040727","article-title":"Corporate governance: decades of dialogue and data","volume":"28","author":"Daily","year":"2003","journal-title":"Acad Manage Rev"},{"key":"2025081807571027300_bib21","doi-asserted-by":"publisher","first-page":"207","DOI":"10.5465\/amj.2017.1256","article-title":"Too unsafe to monitor? How board\u2013CEO cognitive conflict and chair leadership shape outside director monitoring","volume":"64","author":"Veltrop","year":"2021","journal-title":"AMJ"},{"key":"2025081807571027300_bib22","doi-asserted-by":"publisher","first-page":"607","DOI":"10.5465\/19416520.2013.783669","article-title":"A behavioral theory of corporate governance: explicating the mechanisms of socially situated and socially constituted agency","volume":"7","author":"Westphal","year":"2013","journal-title":"ANNALS"},{"key":"2025081807571027300_bib23","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1037\/mgr0000167","article-title":"On the power of professional and relational respect of chairpersons","volume":"28","author":"Nahum","year":"2025","journal-title":"Psychol Leaders Lead"},{"key":"2025081807571027300_bib24","doi-asserted-by":"publisher","first-page":"532","DOI":"10.2307\/258557","article-title":"Building theories from case study research","volume":"14","author":"Eisenhardt","year":"1989","journal-title":"Acad Manag Rev"},{"key":"2025081807571027300_bib25","doi-asserted-by":"publisher","first-page":"25","DOI":"10.5465\/amj.2007.24160888","article-title":"Theory building from cases: opportunities and challenges","volume":"50","author":"Eisenhardt","year":"2007","journal-title":"AMJ"},{"key":"2025081807571027300_bib26","volume-title":"Qualitative Research and Evaluation Methods","author":"Patton","year":"2002","edition":"3rd edn."},{"key":"2025081807571027300_bib27","volume-title":"Case Study Research and Applications: Design and Methods","author":"Yin","year":"2018","edition":"6th edn."},{"key":"2025081807571027300_bib28","doi-asserted-by":"publisher","first-page":"27","DOI":"10.3316\/QRJ0902027","article-title":"Document analysis as a qualitative research method","volume":"9","author":"Bowen","year":"2009","journal-title":"Qual Res J"},{"key":"2025081807571027300_bib29","volume-title":"Institutions and Organizations: Ideas, Interests, and Identities","author":"Scott","year":"2014","edition":"4th edn."},{"key":"2025081807571027300_bib30","volume-title":"Culture\u2019s Consequences: Comparing Values, Behaviors, Institutions and Organizations Across Nations","author":"Hofstede","year":"2001","edition":"2nd edn."},{"key":"2025081807571027300_bib31","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1016\/j.lrp.2008.01.001","article-title":"Organisational crisis-preparedness: the importance of learning from failures","volume":"41","author":"Carmeli","year":"2008","journal-title":"Long Range Plann"},{"key":"2025081807571027300_bib32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1093\/cybsec\/tyad003","article-title":"Maximizing the benefits from sharing cyber threat intelligence by government agencies and departments","volume":"9","author":"Dykstra","year":"2023","journal-title":"J Cybersecur"},{"key":"2025081807571027300_bib33","doi-asserted-by":"publisher","first-page":"489","DOI":"10.2307\/259138","article-title":"Cognition and corporate governance: understanding boards of directors as strategic decision-making groups","volume":"24","author":"Forbes","year":"1999","journal-title":"Acad Manag Rev"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf021\/64076387\/tyaf021.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf021\/64076387\/tyaf021.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T11:57:17Z","timestamp":1755518237000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf021\/8237280"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":36,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf021","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf021"}}