Impact of Hybrid Work Environments on Organizational Cybersecurity in Canada: A Case Study of Royal Roads University
摘要
Grounded in socio-technical system (STS) theory, this qualitative single-case study on Royal Roads University (RRU) investigated the impact of hybrid work environments on organizational cybersecurity vulnerabilities and risk management in Canada by developing themes based on identified STS interactions. Findings indicate that the hybrid work model has not resulted in cybersecurity breach in RRU. This notable stability is attributed to continuous training and cybersecurity awareness, a culture that encourages non-punitive reporting of cyber incidents, multi-factor authentication (MFA) and cloud-based security platforms. However, training and risk management are not role-specific or hybrid-tailored, limiting the institution’s ability to address unique remote work risks. Despite its stability, RRU is yet to incorporate governance-driven cybersecurity, but rather it has over the years been practice-driven. Recommendations include adopting NIST CSF 2.0 for its GOVERN and Cybersecurity Supply Chain Risk Management functions to enhance risk governance, implementing hybrid-specific risk assessments, adopting formal BYOD policies with non-invasive compliance checks, and developing role-based training to address remote work vulnerabilities. The study contributes to scholarly discourse on corporate cybersecurity vulnerabilities and risk governance, while also establishing a foundation for future comparative studies across Canadian post-secondary institutions and other industry sectors.