The Effectiveness of Security Management Systems in Public Organizations: A Cybersecurity Perspective
Purpose: This article aims to assess the effectiveness of security management systems in public organisations using statistical data and institutional reports, with particular emphasis on the relationship between the maturity of these systems and the level of threats, including cybersecurity threats and incidents. The article aims to fill a research gap in the empirical analysis of the actual functioning of security systems in the public sector. Design/Methodology/Approach: The research was conducted using triangulation of research methods. Statistical data from institutional reports, document analysis (control and audit reports), comparative methods and analysis of scientific literature on security management, risk management and organisational resilience were used. The main research problem was formulated as follows: to what extent does the maturity of security management systems affect the level of threats and the effectiveness of public organisations' responses? The research hypothesis was that public organisations with more mature security management systems have fewer security incidents, shorter response times, and greater organisational resilience than entities with fragmented or informal security systems. Findings: The study indicates a clear relationship between the maturity of security management systems and the level of risk in public organisations. Entities with integrated security systems, regular risk analyses, functioning audit mechanisms, and a developed security culture are characterised by fewer incidents (including cybersecurity incidents) and a higher effectiveness in responding to threats. Practical implications: The article contributes to research on security management in the public sector by empirically confirming the importance of system maturity for organisational resilience. Originality value: The results also have a practical dimension and can serve as a basis for improving security management systems and data-driven decision-making in public organisations.