IDEAS home Printed from https://ideas.repec.org/a/eee/bushor/v69y2026i1p33-41.html

Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness

Author

Listed:
  • Chatterjee, Dave
  • Leslie, Anne

Abstract

The overwhelming nature of the cybersecurity challenge—exacerbated by continuously growing attack surfaces and artificial intelligence (AI)-enabled attacks—often drives organizations into a state of learned helplessness when employees and their leaders realize that no amount of preparedness can guarantee immunity against cyberattacks. This sense of inevitability demotivates organizational leadership from prioritizing cybersecurity readiness. The top often embraces the ignorance-is-bliss mindset, encouraging employees to do the bare minimum to achieve cybersecurity regulatory compliance. However, the consequences of not facing the challenge head-on, nor going above and beyond the compliance checklist, can be severe. In this article, we shed light on a whole-of-enterprise approach that focuses on engaging and optimally utilizing the competencies of individual organizational members. This human-factors-focused approach is based on the fundamental premise that cybersecurity readiness is everybody's business, so organizations must find ways to galvanize organization-wide support and commitment. Insights gained from in-depth interviews with business leaders and subject-matter experts revealed five characteristics of a human-centered whole-of-enterprise approach to cybersecurity preparedness: (1) enlightened and engaged leadership; (2) capitalizing on best intentions and creativity; (3) looking inward before looking outward; (4) getting ownership, responsibility, and accountability right; and (5) measuring the right thing and incentivizing the right behavior.

Suggested Citation

  • Chatterjee, Dave & Leslie, Anne, 2026. "Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness," Business Horizons, Elsevier, vol. 69(1), pages 33-41.
  • Handle: RePEc:eee:bushor:v:69:y:2026:i:1:p:33-41
    DOI: 10.1016/j.bushor.2024.10.009
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0007681324001538
    Download Restriction: Full text for ScienceDirect subscribers only

    File URL: https://libkey.io/10.1016/j.bushor.2024.10.009?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Abraham, Chon & Chatterjee, Dave & Sims, Ronald R., 2019. "Muddling through cybersecurity: Insights from the U.S. healthcare industry," Business Horizons, Elsevier, vol. 62(4), pages 539-548.
    2. Benz, Michael & Chatterjee, Dave, 2020. "Calculated risk? A cybersecurity evaluation tool for SMEs," Business Horizons, Elsevier, vol. 63(4), pages 531-540.
    3. Mohit Sewak & Sanjay K. Sahay & Hemant Rathore, 2023. "Deep Reinforcement Learning in the Advanced Cybersecurity Threat Detection and Protection," Information Systems Frontiers, Springer, vol. 25(2), pages 589-611, April.
    4. Alsharida, Rawan A. & Al-rimy, Bander Ali Saleh & Al-Emran, Mostafa & Zainal, Anazida, 2023. "A systematic review of multi perspectives on human cybersecurity behavior," Technology in Society, Elsevier, vol. 73(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Arroyabe, Marta F. & Arranz, Carlos F.A. & Fernandez De Arroyabe, Ignacio & Fernandez de Arroyabe, Juan Carlos, 2024. "Exploring the economic role of cybersecurity in SMEs: A case study of the UK," Technology in Society, Elsevier, vol. 78(C).
    2. Wei Yu & Huiqin Huang & Xinyan Kong & Keying Zhu, 2023. "Can Digital Inclusive Finance Improve the Financial Performance of SMEs?," Sustainability, MDPI, vol. 15(3), pages 1-16, January.
    3. Chotia, Varun & Khoualdi, Kamel & Broccardo, Laura & Yaqub, Muhammad Zafar, 2025. "The role of cyber security and digital transformation in gaining competitive advantage through Strategic Management Accounting," Technology in Society, Elsevier, vol. 81(C).
    4. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    5. Idiano D’Adamo & Rocío González-Sánchez & Maria Sonia Medina-Salgado & Davide Settembre-Blundo, 2021. "E-Commerce Calls for Cyber-Security and Sustainability: How European Citizens Look for a Trusted Online Environment," Sustainability, MDPI, vol. 13(12), pages 1-17, June.
    6. Kung‐Cheng Ho & Shih‐Cheng Lee & Zikui Pan & Andreas karathanasopoulos, 2026. "How Does Cyber Risk Impact Systemic Stability?," Journal of Forecasting, John Wiley & Sons, Ltd., vol. 45(2), pages 589-604, March.
    7. Gundula Glowka & Richard Hule & Anita Zehrer, 2024. "Risk perception of SMEs: strategic risks, family-related risks, external risks," Risk Management, Palgrave Macmillan, vol. 26(4), pages 1-27, December.
    8. Sybren Kinderen & Monika Kaczmarek-Heß & Simon Hacks, 2025. "A Multi-level Reference Model and a Dedicated Method for Cyber-Security by Design," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 67(4), pages 511-530, August.
    9. Le, Tran Duc & Le-Dinh, Thang & Uwizeyemungu, Sylvestre, 2024. "Search engine optimization poisoning: A cybersecurity threat analysis and mitigation strategies for small and medium-sized enterprises," Technology in Society, Elsevier, vol. 76(C).
    10. Falch, Morten & Olesen, Henning & Skouby, Knud Erik & Tadayoni, Reza & Williams, Idongesit, 2022. "Cybersecurity in SMEs in the Baltic Sea Region," 31st European Regional ITS Conference, Gothenburg 2022: Reining in Digital Platforms? Challenging monopolies, promoting competition and developing regulatory regimes 265624, International Telecommunications Society (ITS).
    11. Büyüközkan, Gülçin & Güler, Merve, 2025. "Cybersecurity maturity model: Systematic literature review and a proposed model," Technological Forecasting and Social Change, Elsevier, vol. 213(C).
    12. Kunxiang Dong & Lin Chen & Jie Zhen & Zongxiao Xie, 2025. "Security Investment Decisions for Healthcare Information Security Against Strategic Attacks," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 67(6), pages 913-937, December.
    13. Lee, In, 2021. "Cybersecurity: Risk management framework and investment cost analysis," Business Horizons, Elsevier, vol. 64(5), pages 659-671.
    14. Marife S. Briones & Althea L. Polestico & John Mark D. Tagalog & John Mark B. Lazaro, 2026. "The Effect of Social Media Engagement on Cybersecurity Behavior among Students of Hei's," International Journal of Research and Innovation in Social Science, International Journal of Research and Innovation in Social Science (IJRISS), vol. 10(4), pages 3696-3710, April.
    15. Xu, Gengxi & Li, Yugang & Liu, Shanshan & Ye, Zhuhong, 2026. "Cybersecurity risk and firm growth: Empirical evidence based on text analysis," The North American Journal of Economics and Finance, Elsevier, vol. 81(C).
    16. Tahereh Hasani & Norman O’Reilly & Ali Dehghantanha & Davar Rezania & Nadège Levallet, 2023. "Evaluating the adoption of cybersecurity and its influence on organizational performance," SN Business & Economics, Springer, vol. 3(5), pages 1-38, May.
    17. Pigola, Angélica & Da Costa, Priscila Rezende & Ferasso, Marcos & Cavalcanti da Silva, Luís Fabio, 2024. "Enhancing cybersecurity capability investments: Evidence from an experiment," Technology in Society, Elsevier, vol. 76(C).
    18. Meghisan-Toma Georgeta-Madalina & Nicula Vasile Cosmin, 2020. "ICT Security Measures for the Companies within European Union Member States – Perspectives in COVID-19 Context," Proceedings of the International Conference on Business Excellence, Sciendo, vol. 14(1), pages 362-370, July.
    19. Rice, John & Martin, Nigel, 2026. "Managing cybersecurity risks in Small businesses: A simulation-based decision framework," Technological Forecasting and Social Change, Elsevier, vol. 223(C).

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:bushor:v:69:y:2026:i:1:p:33-41. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/bushor .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.