Business Cybersecurity IT Insights: What is Cybersecurity Governance?

In its 2024 Global Risks Report, the World Economic Forum identifies cybersecurity failures among the top five most likely causes of worldwide material crises. Cybersecurity ranks fourth on the organization’s list of top short-term risks based on potential impact. Only climate change, misinformation campaigns, and increasing societal polarization pose more significant risks.

As the threat level rises, the demand for professionals with cybersecurity skills—such as risk analysis and information security—continues to grow. The talent gap currently exceeds four million cybersecurity professionals, underscoring the urgency for experts who can help keep governments, companies and individuals safe. 

Governance is an important focus area within the broader field of business cybersecurity because a company or organization’s success is closely tied to how effectively it manages its security efforts. This article defines business cybersecurity governance, spotlights popular career options in the field, and explains how the University of Tennessee (UT) combines business cybersecurity and governance expertise to help prepare students for this fast-paced field. It also explores the school’s online Master of Science in Business Cybersecurity, the degree program focused on the skills to succeed in business cybersecurity.

Business Cybersecurity Governance: An Overview

Corporate governance encompasses the overarching set of policies, procedures and relationships that keep companies aligned with the needs and interests of their primary stakeholders. Corporate governance frameworks enable a business to:

• Establish objectives 
• Set ethical boundaries on the acceptable means to meet those objectives  
• Monitor the achievement of objectives
• Reward achievements
• Discipline unsuccessful or inappropriate attempts to meet objectives

Cybersecurity governance refers to a company or organization’s strategic approach to controlling and managing cybersecurity. Business cybersecurity governance frameworks typically include rules, practices and processes related to: 

• Policy development: Rules for developing security policies, standards and procedures aligned with regulatory requirements and best practices
• Risk management: Processes facilitating regular risk assessments and the implementation of risk mitigation strategies 
• Leadership and accountability: A clear definition of roles and responsibilities relating to cyber risk management and decision-making in case of an emergency 
• Compliance: Processes to ensure adherence to relevant laws, regulations and standards
• Incident response and management: An incident response plan to follow should a cyber incident occur, including procedures for incident identification, containment, eradication, recovery and post-incident analysis
• Employee awareness and training: Processes to facilitate regular cybersecurity awareness training for all employees to promote secure behaviors and practices

Business Cybersecurity and Corporate Governance Career Options 

Business cybersecurity and corporate governance offer varied job opportunities to those with business and technical expertise. While some roles will focus strictly on governance (like cybersecurity governance and risk analyst or cybersecurity governance director), others have a broader focus while still including duties and responsibilities related to cybersecurity or corporate governance. 

Career options for professionals who wish to specialize in business cybersecurity governance include: 

• Information security analysts plan and execute security measures to protect an organization’s computer networks and systems. These professionals are in high demand, with the U.S. Bureau of Labor Statistics (BLS) expecting a 32% increase in employment through 2032. According to the BLS, information security analysts earn a median annual wage of around $120,000. 
• Cybersecurity risk analysts work to identify, assess and manage cyber risks. They may also develop and oversee risk management strategies and processes. On average, cybersecurity risk analysts earn a salary of almost $100,000. 
• Cybersecurity managers run security-related operations within their organizations. They supervise analysts and administrators, taking responsibility for the cybersecurity team while dealing with high-level security issues. According to PayScale, cybersecurity managers earn an average salary of around $137,000. 
• Compliance officers focus on cybersecurity to ensure their organization adheres to relevant cybersecurity regulations and standards. They also conduct audits and assessments to verify compliance. On average, compliance officers earn around $93,000 a year. 

These specialized positions require advanced cybersecurity and business knowledge and skills. Some job roles also require applicants to hold an advanced degree, like the Master of Science in Business Cybersecurity (MSBC) offered online by UT.   

Lending Their Expertise: UT Faculty Research Explores All Aspects of Corporate Governance 

At UT, you can learn from active researchers, directors, and business leaders with professional expertise and research interests. They include Ali Vedadi, an expert on the factors influencing a user’s security behavior. Yuan Li investigates the human side of IT to determine how opinions and attitudes affect adoption and what those decisions mean to society. Daniel Pienta specializes in cybersecurity governance and has published and presented on the topic. In addition to teaching, Pienta is a research fellow at UT’s Neel Corporate Governance Center.

Research Highlights: Introducing the Neel Corporate Governance Center

The Neel Center focuses on conducting and disseminating nationally recognized research on corporate governance. It spans disciplines from business to IT to social sciences, with faculty members collaborating to provide an interdisciplinary view on various topics, including audit and risk management, securities fraud and regulatory oversight. 

UT’s dedication to continued research on industry issues and their impact on society greatly benefits its students as professors bring real-world experience and the latest innovative thinking to the classroom. 

Related Cybersecurity IT Courses: A Closer Look at the UT Curriculum 

The UT online MSBC curriculum teaches students how to leverage cybersecurity foundations to inform business strategy. As part of the broader cybersecurity business curriculum, students take two courses that address this topic: Business Security Governance & Ethics and Organizational Security Management. 

Business Security Governance & Ethics

This course helps students understand the regulatory environment, governance and ethical issues related to cybersecurity. Students will learn how an organization can effectively control IT security and manage associated issues.

Organizational Security Management 

This course focuses on the human and organizational aspects of security and methods to mitigate risks associated with these areas. Students will use various tools, techniques and methods to assess organizational security practices and develop and communicate strategies to reduce overall cybersecurity risk.

Study Alongside the Cybersecurity Business Experts at UT 

If you’re interested in the critical field of business cybersecurity governance, consider earning your MSBC degree from UT to gain the skills and expertise needed to reach your career goals. Earning an MS in Business Cybersecurity at UT means studying alongside scholars and practitioners in cutting-edge research on business cybersecurity and governance. You’ll benefit from an industry-relevant curriculum and classes enhanced by faculty members’ real-world experience. 

To learn more about the UT online MSBC, request information online or contact an enrollment advisor. If you’re ready to take the next step, start (or complete) your application today.