Pema Choejey, David Murray and Chun Che Fung, Murdoch University, Australia

This paper presents the results of open-ended survey exploring the critical success factors for cybersecurity implementation in government organisations in Bhutan. Successful implementation of cybersecurity depends on a thorough understanding of cyber threats and challenges to the organisational information assets. It also depends on identification of a responsible, dedicated personnel to lead and direct cybersecurity initiatives. Furthermore, it is important to know the critical areas of cybersecurity activities for management to target, prioritise and execute. Understanding of what key things need to be done right by the responsible agency and its leader, at a particular time and in particular context, can lead to better decision making and resource optimisation including skills and knowledge. The survey findings indicate that, among other factors, awareness and training, policy and standards, and adequate financing and budgetary commitment to cybersecurity projects are three most important success factors. Channelling an organisation’s limited resources to these few factors is expected to enhance cybersecurity posture and its management. The research outcome has implications to both government and private organizations in Bhutan.

Cybersecurity, Critical Success Factors, Top Management, Awareness and Training