{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T10:59:35Z","timestamp":1776423575309,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":83,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,13]]},"DOI":"10.1145\/3772318.3791142","type":"proceedings-article","created":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T04:12:36Z","timestamp":1776053556000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["From Oversight to Insight: Transforming Cybersecurity Governance in Boardrooms"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6190-1863","authenticated-orcid":false,"given":"Tooba","family":"Aamir","sequence":"first","affiliation":[{"name":"Data61, CSIRO, Clayton, VIC, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5802-8642","authenticated-orcid":false,"suffix":"Dr","given":"Georgia","family":"Psaroulis","sequence":"additional","affiliation":[{"name":"Geo-Spir, Perth, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6933-0145","authenticated-orcid":false,"given":"Marthie","family":"Grobler","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Melbourne, Victoria, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1345-2829","authenticated-orcid":false,"given":"Helge","family":"Janicke","sequence":"additional","affiliation":[{"name":"Security Research Institute, Edith Cowan University, Perth, Western Australia, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,4,13]]},"reference":[{"key":"e_1_3_3_3_2_2","volume-title":"Fiduciary duties of directors","year":"2019","unstructured":"Australian Institute of Company Directors (AICD) 2019. Fiduciary duties of directors. Australian Institute of Company Directors (AICD). https:\/\/www.aicd.com.au\/board-of-directors\/duties\/fiduciary.html#:\u00a0:text=In%20Australia%2C%20fiduciary%20duty%20is Accessed: 2025-11-11."},{"key":"e_1_3_3_3_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3437534"},{"key":"e_1_3_3_3_4_2","doi-asserted-by":"crossref","unstructured":"Moneer Alshaikh. 2020. Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security 98 (2020) 102003.","DOI":"10.1016\/j.cose.2020.102003"},{"key":"e_1_3_3_3_5_2","doi-asserted-by":"publisher","DOI":"10.5555\/872016.872155"},{"key":"e_1_3_3_3_6_2","unstructured":"Australian Securities and Investments Commission. 2022. Federal Court of Australia decision in \u2018ASIC v RI Advice Group Pty Ltd\u2019. Retrieved from https:\/\/download.asic.gov.au\/media\/zhodijpp\/22-104mr-2022-fca-496.pdf. Accessed: 2\/11\/2023."},{"key":"e_1_3_3_3_7_2","unstructured":"Australian Securities and Investments Commission. 2024. Key Questions for an Organisation\u2019s Board of Directors. https:\/\/asic.gov.au\/regulatory-resources\/corporate-governance\/cyber-resilience\/key-questions-for-an-organisation-s-board-of-directors\/. Accessed: 29\/05\/2024."},{"key":"e_1_3_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/INCISCOS.2017.29"},{"key":"e_1_3_3_3_9_2","doi-asserted-by":"crossref","unstructured":"Mariette Bengtsson. 2016. How to plan and perform a qualitative study using content analysis. NursingPlus Open 2 (2016) 8\u201314.","DOI":"10.1016\/j.npls.2016.01.001"},{"key":"e_1_3_3_3_10_2","unstructured":"Steven Bird Edward Loper and Ewan Klein. 2009. Natural language processing with Python. https:\/\/www.nltk.org\/."},{"key":"e_1_3_3_3_11_2","unstructured":"David\u00a0M Blei Andrew\u00a0Y Ng and Michael\u00a0I Jordan. 2003. Latent dirichlet allocation. Journal of Machine Learning Research 3 Jan (2003) 993\u20131022."},{"key":"e_1_3_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.1057\/9780230244276_3"},{"key":"e_1_3_3_3_13_2","doi-asserted-by":"crossref","unstructured":"Virginia Braun and Victoria Clarke. 2019. Reflecting on reflexive thematic analysis. Qualitative Research in Sport Exercise and Health 11 4 (2019) 589\u2013597.","DOI":"10.1080\/2159676X.2019.1628806"},{"key":"e_1_3_3_3_14_2","doi-asserted-by":"crossref","unstructured":"Vincent Bruni-Bossio. 2020. Keeping boards in the loop: getting directors the right information. Journal of Business Strategy 41 2 (2020) 19\u201328.","DOI":"10.1108\/JBS-10-2018-0179"},{"key":"e_1_3_3_3_15_2","doi-asserted-by":"publisher","unstructured":"David Byrne. 2022. A worked example of Braun and Clarke\u2019s approach to reflexive thematic analysis. Quality & Quantity 56 3 (2022) 1391\u20131412. 10.1007\/s11135-021-01182-y","DOI":"10.1007\/s11135-021-01182-y"},{"key":"e_1_3_3_3_16_2","unstructured":"C-Risk. 2024. C-Suite. https:\/\/www.c-risk.com\/c-suite. Accessed: 29\/05\/2024."},{"key":"e_1_3_3_3_17_2","unstructured":"Canadian Centre for Cyber Security. 2022. ITSAP.10.101 - What is a cyber security risk? https:\/\/www.cyber.gc.ca\/sites\/default\/files\/2022-07\/itsap10101-e.pdf. Accessed: 29\/04\/2024."},{"key":"e_1_3_3_3_18_2","doi-asserted-by":"crossref","unstructured":"Hasan Cavusoglu Huseyin Cavusoglu and Srinivasan Raghunathan. 2004. Economics of IT security management: Four improvements to current security practices. Communications of the Association for Information Systems 14 1 (2004) 3.","DOI":"10.17705\/1CAIS.01403"},{"key":"e_1_3_3_3_19_2","unstructured":"Center for Strategic and International Studies (CSIS). 2024. Significant cyber incidents. https:\/\/www.csis.org\/programs\/strategic-technologies-program\/significant-cyber-incidents. Accessed: 02\/04\/2024."},{"key":"e_1_3_3_3_20_2","doi-asserted-by":"crossref","unstructured":"Jing Chen Elaine Henry and Xi Jiang. 2022. Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach. Journal of Business Ethics 187 199\u2013224.","DOI":"10.1007\/s10551-022-05107-z"},{"key":"e_1_3_3_3_21_2","doi-asserted-by":"crossref","unstructured":"Jing Chen Elaine Henry and Xi Jiang. 2024. More than malware: unmasking the hidden risk of cybersecurity regulations. International Cybersecurity Law Review 5 169\u2013212.","DOI":"10.1365\/s43439-024-00111-7"},{"key":"e_1_3_3_3_22_2","unstructured":"Ericka Chickowski. 2023. How much cybersecurity expertise does a board need? https:\/\/www.csoonline.com\/article\/656596\/how-much-cybersecurity-expertise-does-a-board-need.html. Accessed: 2\/11\/2023."},{"key":"e_1_3_3_3_23_2","doi-asserted-by":"crossref","unstructured":"George Christou. 2018. The challenges of cybercrime governance in the European Union. European Politics and Society 19 3 (2018) 355\u2013375.","DOI":"10.1080\/23745118.2018.1430722"},{"key":"e_1_3_3_3_24_2","unstructured":"Cybersecurity and Infrastructure Security Agency. 2024. Shields Up: Guidance for corporate leaders and CEOs. https:\/\/www.cisa.gov\/shields-up. Accessed: 29\/04\/2024."},{"key":"e_1_3_3_3_25_2","doi-asserted-by":"crossref","unstructured":"Joseph Da\u00a0Silva and Rikke\u00a0Bjerg Jensen. 2022. \" Cyber security is a dark art\": The CISO as soothsayer. Proceedings of the ACM on Human-Computer Interaction 6 CSCW2 (2022) 1\u201331.","DOI":"10.1145\/3555090"},{"key":"e_1_3_3_3_26_2","doi-asserted-by":"crossref","unstructured":"Duy Dang-Pham Nik Thompson Atif Ahmad and Sean Maynard. 2025. Shadow Information Security Practices in Organizations: The role of information security transparency overload and psychological empowerment. Computers & Security 156 (2025) 104538.","DOI":"10.1016\/j.cose.2025.104538"},{"key":"e_1_3_3_3_27_2","unstructured":"Deloitte. 2023. Heads up \u2014 SEC issues new requirements for cybersecurity disclosures. 30 13 (July 2023). https:\/\/dart.deloitte.com\/USDART\/pdf\/e1131b39-e308-409a-a094-ffbd02af409f"},{"key":"e_1_3_3_3_28_2","doi-asserted-by":"crossref","unstructured":"Stefanie D\u00f6ringer. 2021. \u2018The problem-centred expert interview\u2019. Combining qualitative interviewing approaches for investigating implicit expert knowledge. International Journal of Social Research Methodology 24 3 (2021) 265\u2013278.","DOI":"10.1080\/13645579.2020.1766777"},{"key":"e_1_3_3_3_29_2","doi-asserted-by":"crossref","unstructured":"Kizzy Gandy. 2024. How many interviews or focus groups are enough? Evaluation Journal of Australasia 24 3 (2024) 211\u2013223.","DOI":"10.1177\/1035719X241266964"},{"key":"e_1_3_3_3_30_2","unstructured":"Gartner. 2024. Document 4013892. https:\/\/www.gartner.com\/en\/documents\/4013892. Accessed: 29\/05\/2024."},{"key":"e_1_3_3_3_31_2","unstructured":"S.S. Girn. 2024. Cybersecurity Governance Framework for Board Directors. Ph.\u00a0D. Dissertation. University of Technology Sydney. Master\u2019s\/PhD thesis."},{"key":"e_1_3_3_3_32_2","doi-asserted-by":"publisher","unstructured":"Yaniv Harel and Abraham Carmeli. 2025. A strategic cybersecurity oversight framework: a board\u2019s imperative. Journal of Cybersecurity 11 1 (2025) tyaf021. 10.1093\/cybsec\/tyaf021","DOI":"10.1093\/cybsec\/tyaf021"},{"key":"e_1_3_3_3_33_2","doi-asserted-by":"crossref","unstructured":"Caroline\u00a0C Hartmann and Jimmy Carmenate. 2021. Academic research on the role of corporate governance and IT expertise in addressing cybersecurity breaches: Implications for practice policy and research. Current issues in auditing 15 2 (2021) A9\u2013A23.","DOI":"10.2308\/CIIA-2020-034"},{"key":"e_1_3_3_3_34_2","doi-asserted-by":"crossref","unstructured":"Monique Hennink and Bonnie\u00a0N Kaiser. 2022. Sample sizes for saturation in qualitative research: A systematic review of empirical tests. Social science & medicine 292 (2022) 114523.","DOI":"10.1016\/j.socscimed.2021.114523"},{"key":"e_1_3_3_3_35_2","volume-title":"32st USENIX Security Symposium (USENIX Security 23), Boston, MA","author":"Hielscher Jonas","year":"2023","unstructured":"Jonas Hielscher, Uta Menges, Simon Parkin, Annette Kluge, and M\u00a0Angela Sasse. 2023. \u201cEmployees Who Don\u2019t Accept the Time Security Takes Are Not Aware Enough\u201d: The CISO View of Human-Centred Security. In 32st USENIX Security Symposium (USENIX Security 23), Boston, MA."},{"key":"e_1_3_3_3_36_2","doi-asserted-by":"crossref","unstructured":"Klaus\u00a0J. Hopt. 2017. The dialogue between the chairman of the board and investors: The practice in the UK the Netherlands and Germany and the future of the German Corporate Governance Code under the new chairman. ECGI - Law Working Paper No. 365\/2017 (September 2017). Available at SSRN: https:\/\/ssrn.com\/abstract=3030693 or http:\/\/dx.doi.org\/10.2139\/ssrn.3030693.","DOI":"10.2139\/ssrn.3030693"},{"key":"e_1_3_3_3_37_2","unstructured":"Md\u00a0Shariful Islam and Thomas Stafford. 2017. Information Technology (IT) integration and cybersecurity\/security: the security savviness of board of directors. (2017)."},{"key":"e_1_3_3_3_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3706598.3713290"},{"key":"e_1_3_3_3_39_2","unstructured":"Wall\u00a0Street Journal. 2025. Cybersecurity: The Internal Threats Boards Overlook. https:\/\/www.wsj.com\/tech\/cybersecurity\/cyber-security-internal-threats-4d4c70dd. Accessed: 2025-09-03."},{"key":"e_1_3_3_3_40_2","first-page":"20","volume-title":"Journal of The Colloquium for Information Systems Security Education","author":"Kakkar Deep","year":"2018","unstructured":"Deep Kakkar and Lori Gordon. 2018. Envisioning alternate futures will change our thinking about cybersecurity. In Journal of The Colloquium for Information Systems Security Education , Vol.\u00a06. 20\u201320."},{"key":"e_1_3_3_3_41_2","doi-asserted-by":"crossref","unstructured":"Jong-Seok Kim and Dongsu Seo. 2023. Foresight and strategic decision-making framework from artificial intelligence technology development to utilization activities in small-and-medium-sized enterprises. foresight 25 6 (2023) 769\u2013787.","DOI":"10.1108\/FS-06-2022-0069"},{"key":"e_1_3_3_3_42_2","unstructured":"KPMG. 2023. SEC\u2019s final cybersecurity rules: A board lens. https:\/\/assets.kpmg.com\/content\/dam\/kpmg\/xx\/pdf\/2023\/09\/sec-final-cybersecurity-rules-a-board-lens.pdf"},{"key":"e_1_3_3_3_43_2","unstructured":"David\u00a0F Larcker Peter\u00a0C Reiss and Brian Tayan. 2017. Critical update needed: Cybersecurity expertise in the boardroom. Rock Center for Corporate Governance at Stanford University Closer Look Series: Topics Issues and Controversies in Corporate Governance No. CGRP-69 Stanford University Graduate School of Business Research Paper17-70 (2017)."},{"key":"e_1_3_3_3_44_2","doi-asserted-by":"crossref","unstructured":"Seth\u00a0C Lewis Rodrigo Zamith and Alfred Hermida. 2013. Content analysis in an era of big data: A hybrid approach to computational and manual methods. Journal of broadcasting & electronic media 57 1 (2013) 34\u201352.","DOI":"10.1080\/08838151.2012.761702"},{"key":"e_1_3_3_3_45_2","doi-asserted-by":"publisher","unstructured":"Michelle Lowry Anthony Vance and Marshall\u00a0D. Vance. 2021. Inexpert supervision: Field evidence on boards\u2019 oversight of cybersecurity. https:\/\/ssrn.com\/abstract=4002794 or 10.2139\/ssrn.4002794. Accessed: 02\/04\/2023.","DOI":"10.2139\/ssrn.4002794"},{"key":"e_1_3_3_3_46_2","volume-title":"ICIS 2022 Proceedings","author":"Lowry Michelle\u00a0Ren\u00e9","year":"2022","unstructured":"Michelle\u00a0Ren\u00e9 Lowry, Zeynep Sahin, and Anthony Vance. 2022. Taking a seat at the table: The quest for CISO legitimacy. In ICIS 2022 Proceedings. https:\/\/aisel.aisnet.org\/icis2022\/security\/security\/14"},{"key":"e_1_3_3_3_47_2","doi-asserted-by":"crossref","unstructured":"Jyoti\u00a0D Mahadeo Teerooven Soobaroyen and Vanisha\u00a0Oogarah Hanuman. 2012. Board composition and financial performance: Uncovering the effects of diversity in an emerging economy. Journal of business ethics 105 (2012) 375\u2013388.","DOI":"10.1007\/s10551-011-0973-z"},{"key":"e_1_3_3_3_48_2","doi-asserted-by":"crossref","unstructured":"Yassine Maleh Abdelkebir Sahid and Mustapha Belaissaoui. 2021. A maturity framework for cybersecurity governance in organizations. EDPACS 63 6 (2021) 1\u201322.","DOI":"10.1080\/07366981.2020.1815354"},{"key":"e_1_3_3_3_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3491418.3535180"},{"key":"e_1_3_3_3_50_2","doi-asserted-by":"crossref","unstructured":"Joshua McLeod Shaun Star and David Shilbury. 2023. Board composition in national sport federations: A cross-country comparative analysis of diversity and board size. Managing Sport and Leisure 28 6 (2023) 714\u2013731.","DOI":"10.1080\/23750472.2021.1970614"},{"key":"e_1_3_3_3_51_2","unstructured":"Anita Modi Ievgeniia Kuzminykh and Bogdan Ghita. 2023. Data driven approaches to cybersecurity governance for board decision-making\u2013 A systematic review. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2311.17578 (2023)."},{"key":"e_1_3_3_3_52_2","unstructured":"National Cyber Security Centre. 2016. Common cyber attacks: Reducing the impact. https:\/\/www.ncsc.gov.uk\/guidance\/white-papers\/common-cyber-attacks-reducing-impact. Accessed: 02\/02\/2024."},{"key":"e_1_3_3_3_53_2","unstructured":"National Cyber Security Centre. 2020. Cyber security governance: The role of the board. https:\/\/www.ncsc.gov.uk\/blog-post\/cyber-security-governance-the-role-of-the-board. Accessed: 29\/05\/2024."},{"key":"e_1_3_3_3_54_2","unstructured":"National Cyber Security Centre (NCSC). 2024. NCSC Board Toolkit. https:\/\/www.ncsc.gov.uk\/collection\/board-toolkit. Accessed: 02\/04\/2024."},{"key":"e_1_3_3_3_55_2","volume-title":"Cyber and AI Oversight Disclosures: What Companies Shared in 2025","author":"Niemann Pat","year":"2025","unstructured":"Pat Niemann. 2025. Cyber and AI Oversight Disclosures: What Companies Shared in 2025. Harvard Law School Forum on Corporate Governance. https:\/\/corpgov.law.harvard.edu\/2025\/10\/28\/cyber-and-ai-oversight-disclosures-what-companies-shared-in-2025\/ Accessed: 2025-11-20."},{"key":"e_1_3_3_3_56_2","doi-asserted-by":"crossref","unstructured":"Yuri Nieto Vicente Gac\u00eda-D\u00edaz Carlos Montenegro Claudio\u00a0Camilo Gonz\u00e1lez and Rub\u00e9n\u00a0Gonz\u00e1lez Crespo. 2019. Usage of machine learning for strategic decision making at higher educational institutions. Ieee Access 7 (2019) 75007\u201375017.","DOI":"10.1109\/ACCESS.2019.2919343"},{"key":"e_1_3_3_3_57_2","doi-asserted-by":"publisher","DOI":"10.5220\/0012695900003690"},{"key":"e_1_3_3_3_58_2","doi-asserted-by":"crossref","unstructured":"Niki O\u2019Brien Roberto\u00a0Fernandez Crespo Fiona O\u2019Driscoll Mabel Prendergast Deeph Chana Ara Darzi Saira Ghafur et\u00a0al. 2024. Usability and feasibility evaluation of a web-based and offline cybersecurity resource for health care organizations (The essentials of cybersecurity in health care organizations framework resource): Mixed methods study. JMIR Formative Research 8 1 (2024) e50968.","DOI":"10.2196\/50968"},{"key":"e_1_3_3_3_59_2","volume-title":"Cyber Security Governance Principles","author":"Company\u00a0Directors Australian\u00a0Institute of","year":"2024","unstructured":"Australian\u00a0Institute of Company\u00a0Directors. 2024. Cyber Security Governance Principles. Technical Report. Australian Institute of Company Directors. https:\/\/www.aicd.com.au\/risk-management\/framework\/cyber-security\/cyber-security-governance-principles.html"},{"key":"e_1_3_3_3_60_2","volume-title":"Governing Through a Cyber Crisis - Cyber Incident Response and Recovery for Australian Directors","author":"Company\u00a0Directors Australian\u00a0Institute of","year":"2024","unstructured":"Australian\u00a0Institute of Company\u00a0Directors. 2024. Governing Through a Cyber Crisis - Cyber Incident Response and Recovery for Australian Directors. Technical Report. Australian Institute of Company Directors. https:\/\/www.aicd.com.au\/risk-management\/framework\/cyber-security\/governing-through-a-cyber-crisis-cyber-incident-response-and-recovery-for-australian-directors.html"},{"key":"e_1_3_3_3_61_2","unstructured":"National\u00a0Association of Corporate Directors\u00a0(NACD). 2024. Nora Denzel and David Kenny to Co-Chair the 2024 NACD Blue Ribbon Commission on Board Oversight of Technology. https:\/\/www.nacdonline.org\/about\/NACD-in-the-news\/press-release\/nora-denzel-and-david-kenny-to-co-chair-the-2024-nacd-blue-ribbon-commission-on-board-oversight-of-technology\/?Refid=newsletter Retrieved from the National Association of Corporate Directors website."},{"key":"e_1_3_3_3_62_2","volume-title":"NDSS","author":"Opdenbusch Jens","year":"2025","unstructured":"Jens Opdenbusch, Jonas Hielscher, and M\u00a0Angela Sasse. 2025. \" Where Are We On Cyber?\"-A Qualitative Study On Boards\u2019 Cybersecurity Risk Decision Making.. In NDSS."},{"key":"e_1_3_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329818"},{"key":"e_1_3_3_3_64_2","doi-asserted-by":"crossref","unstructured":"Susanne Peters. 2021. Market conditions of international VET providers: A comparative analysis of Australia UK USA and Germany. Empirical Research in Vocational Education and Training 13 1 (2021) 23.","DOI":"10.1186\/s40461-021-00128-w"},{"key":"e_1_3_3_3_65_2","doi-asserted-by":"crossref","unstructured":"Andrew Pettigrew and Terry McNulty. 1995. Power and influence in and around the boardroom. Human Relations 48 8 (1995) 845\u2013873.","DOI":"10.1177\/001872679504800802"},{"key":"e_1_3_3_3_66_2","unstructured":"PricewaterhouseCoopers. 2024. Board Central. https:\/\/www.pwc.com\/us\/en\/products\/board-central.html. Accessed: 29\/05\/2024."},{"key":"e_1_3_3_3_67_2","unstructured":"Harvard\u00a0Business Review. 2025. Boards Need a More Active Approach to Cybersecurity. https:\/\/hbr.org\/2025\/05\/boards-need-a-more-active-approach-to-cybersecurity. Accessed: 2025-09-03."},{"key":"e_1_3_3_3_68_2","doi-asserted-by":"crossref","unstructured":"Amir Rubin and Dan Segal. 2019. Directors skill and financial reporting quality. Journal of Business Finance & Accounting 46 3-4 (2019) 457\u2013493.","DOI":"10.1111\/jbfa.12359"},{"key":"e_1_3_3_3_69_2","first-page":"5","volume-title":"European Symposium on Research in Computer Security","author":"Sandberg Susanne\u00a0Barkhald","year":"2023","unstructured":"Susanne\u00a0Barkhald Sandberg, Aida Akbarzadeh, and Vasileios Gkioulos. 2023. Effects of organizational cyber security culture across the energy sector supply chain. In European Symposium on Research in Computer Security. Springer, 5\u201324."},{"key":"e_1_3_3_3_70_2","doi-asserted-by":"crossref","unstructured":"S\u00fcleyman Sava\u015f Serkan &\u00a0Karata\u015f. 2022. Cyber governance studies in ensuring cybersecurity: an overview of cybersecurity governance. International Cybersecurity Law Review 3 7\u201324.","DOI":"10.1365\/s43439-021-00045-4"},{"key":"e_1_3_3_3_71_2","doi-asserted-by":"crossref","unstructured":"Stef Schinagl and Abbas Shahim. 2020. What do we know about information security governance? \u201cFrom the basement to the boardroom\u201d: Towards digital security governance. Information & Computer Security 28 2 (2020) 261\u2013292.","DOI":"10.1108\/ICS-02-2019-0033"},{"key":"e_1_3_3_3_72_2","doi-asserted-by":"crossref","unstructured":"Justin Short John D\u2019Arcy and Yili Hong. 2024. Chief Information Officers (CIOs) joining outside boards of directors: Impact on their home firms\u2019 cybersecurity. Available at SSRN 4750083 (2024).","DOI":"10.2139\/ssrn.4750083"},{"key":"e_1_3_3_3_73_2","doi-asserted-by":"crossref","unstructured":"Sergeja Slapni\u010dar Tina Vuko Marko \u010cular and Matej Dra\u0161\u010dek. 2022. Effectiveness of cybersecurity audit. International Journal of Accounting Information Systems 44 (2022) 100548.","DOI":"10.1016\/j.accinf.2021.100548"},{"key":"e_1_3_3_3_74_2","doi-asserted-by":"crossref","unstructured":"Nadia Smaili Cam\u00e9lia Radu and Amir Khalili. 2023. Board effectiveness and cybersecurity disclosure. Journal of Management and Governance 27 1049\u20131071.","DOI":"10.1007\/s10997-022-09637-6"},{"key":"e_1_3_3_3_75_2","unstructured":"Telstra Corporation Limited. 2017. The Five Knows of Cyber Security. https:\/\/www.telstra.com.au\/content\/dam\/tcom\/business-enterprise\/security-services\/pdf\/5-knows-of-cyber-security.pdf Accessed: 2025-12-02."},{"key":"e_1_3_3_3_76_2","doi-asserted-by":"crossref","unstructured":"Nadia Toumi Ramzi Benkraiem and Amal Hamrouni. 2016. Board director disciplinary and cognitive influence on corporate value creation. Corporate Governance 16 3 (2016) 564\u2013578.","DOI":"10.1108\/CG-09-2015-0123"},{"key":"e_1_3_3_3_77_2","doi-asserted-by":"crossref","unstructured":"Betsy Uchendu Jason\u00a0RC Nurse Maria Bada and Steven Furnell. 2021. Developing a cyber security culture: Current practices and future needs. Computers & Security 109 (2021) 102387.","DOI":"10.1016\/j.cose.2021.102387"},{"key":"e_1_3_3_3_78_2","doi-asserted-by":"crossref","unstructured":"Subhan Ullah Sardar Ahmad Saeed Akbar Devendra Kodwani and Jane Frecknall-Hughes. 2021. Governance disclosure quality and market valuation of firms in UK and Germany. International Journal of Finance & Economics 26 4 (2021) 5031\u20135055.","DOI":"10.1002\/ijfe.2053"},{"key":"e_1_3_3_3_79_2","doi-asserted-by":"crossref","unstructured":"Leo Van\u00a0Audenhove and Karen Donders. 2019. Talking to people III: Expert interviews and elite interviews. The Palgrave handbook of methods for media policy research (2019) 179\u2013197.","DOI":"10.1007\/978-3-030-16065-4_10"},{"key":"e_1_3_3_3_80_2","unstructured":"Sabine Vollmer. 2017. Building a more effective board. Journal of Accountancy 224 2 (2017)."},{"key":"e_1_3_3_3_81_2","doi-asserted-by":"publisher","DOI":"10.1145\/3706598.3713220"},{"key":"e_1_3_3_3_82_2","doi-asserted-by":"crossref","unstructured":"Andreas Witzl and Herwig Reiter. 2012. The problem-centred interview: Principles and practice.","DOI":"10.4135\/9781446288030"},{"key":"e_1_3_3_3_83_2","volume-title":"Principles for board governance of cyber risk","author":"Forum World Economic","year":"2021","unstructured":"World Economic Forum. 2021. Principles for board governance of cyber risk. World Economic Forum. https:\/\/www.weforum.org\/whitepapers\/principles-for-board-governance-of-cyber-risk"},{"key":"e_1_3_3_3_84_2","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384761"}],"event":{"name":"CHI 2026: CHI Conference on Human Factors in Computing Systems","location":"Barcelona Spain","acronym":"CHI '26","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3772318.3791142","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T10:06:19Z","timestamp":1776420379000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3772318.3791142"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,13]]},"references-count":83,"alternative-id":["10.1145\/3772318.3791142","10.1145\/3772318"],"URL":"https:\/\/doi.org\/10.1145\/3772318.3791142","relation":{},"subject":[],"published":{"date-parts":[[2026,4,13]]},"assertion":[{"value":"2026-04-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}