Institutional Strategies for Cybersecurity in Higher Education Institutions

Abstract

Cybersecurity threats have grown exponentially, posing a heavy burden on organisations. Higher Education Institutions (HEIs) are particularly vulnerable, and their cybersecurity issues are receiving greater attention. However, existing research on cybersecurity has limited referencing value for HEI leaders and policy-makers because they are usually technology-focused. Publications that showcase best practices often lack system-wide perspectives towards cybersecurity in HEIs. Our paper, therefore, aims to bridge this literature gap and generate institutional cybersecurity strategies for HEI leaders and policy-makers from a system perspective. We first review how the cybersecurity landscape has evolved over the last few decades and its latest trends and projections for the next decade. By analysing these historical developments and new changes, we further illuminate the importance of strengthening HEI cybersecurity capacities. As we explore why HEIs face severe challenges to tackle the ever-escalating cyberattacks, we propose a system-wide approach to safeguard HEI cybersecurity and highlight the necessity to reassess prioritised areas. By taking an extensive literature review and desk research of methods that could respond to the cybersecurity vulnerabilities of the next decade, we synthesise our findings with a set of institutional strategies, with takeaways designed to equip HEIs better to address cybersecurity threats into the future. The strategies include: (1) Strengthening Institutional Governance for Cybersecurity; (2) Revisiting Cybersecurity KPIs; (3) Explicating Cybersecurity Policies, Guidelines and Mechanisms; (4) Training and Cybersecurity Awareness Campaigns to Build Cybersecurity Culture; (5) Responding to AI-based Cyber-threats and Harnessing AI to Enhance Cybersecurity; (6) Introduction of New and More Sophisticated Security Measures; (7) Paying Attention to Mobile Devices Use, Using Encryption as a Daily Practice; and (8) Risk Management. We believe that cybersecurity can be safeguarded throughout the new decade when these strategies are considered thoroughly and with the concerted effort of relevant HEI stakeholders.