Cybersecurity Leadership for Senior Executives of Thai Banking Firms
Journal article
Publication Details
Author list: Jakkrit Visopa, Borworn Papasratorn
Publication year: 2024
Journal: The Journal of King Mongkut's University of Technology North Bangkok (2465-4698)
Volume number: Vol 34
Issue number: 4
Start page: 1
End page: 13
Number of pages: 13
ISSN: 2465-4698
URL: https://ojs.kmutnb.ac.th/index.php/kjournal/article/view/6483
Languages: Thai (TH)
Abstract
Cyber threats are among the most important risks for banking firms, and leadership is one of the critical success factors for effective cybersecurity. The Baldrige Cybersecurity Excellence Builder framework identifies what leaders should do to ensure the effectiveness of cybersecurity in an organization; however, the framework does not detail approaches for the identified activities. This paper proposes approaches for bank executives to lead cybersecurity in Thai banking firms. The proposed leadership approaches are based on the leadership category of the Baldrige Cybersecurity Excellence Builder. The approaches for each item in the leadership category were synthesized from 2 popular cybersecurity frameworks, 4 cybersecurity standards, and 1 quality management system standard. The approaches also comply with Bank of Thailand regulation and associated laws. The cybersecurity frameworks included in this research are the NIST Cybersecurity Framework and COBIT5. The cybersecurity standards studied are ISO/IEC 27001:2013, CIS Control 7.1, ISA 62443-2-1-2009 and NIST.SP.800-53 Revision 4. The proposed approaches also follow the quality management standard ISO 9001:2015. The proposed approaches cover all leadership items for leading effective cybersecurity: setting the mission, vision, and values for cybersecurity; demonstrating commitment to cybersecurity; commitment to legal and ethical behavior; communication and engagement with stakeholders; creating an environment for implementing cybersecurity policies; and a focus on cybersecurity action to achieve the cybersecurity objectives. Following the proposed leadership approaches will not only ensure the effectiveness of cybersecurity in banking operations, but also reduce risks and the impact of business loss from both internal and external cyber threats.
Keywords
Banking Firm, Cybersecurity, Leadership, Organizational Leadership, Bank