A systematic literature review on the adoption and effectiveness of cybersecurity frameworks in higher education institutions

Abstract

Purpose In light of the fast-paced digital transformation, this paper aims to examine the effectiveness and adoption of cybersecurity frameworks in higher education institutions (HEIs). Design/methodology/approach The methodological approach involved a systematic literature review that synthesized evidence from recent studies to classify and evaluate cybersecurity frameworks that are relevant to HEIs. Findings The study identifies three main types of frameworks, which are maturity and capability models, governance-based and collaborative structures, and technical and operational mechanisms. COBIT 5, Zero Trust and risk assessment models are frameworks that enhance institutional safety only when they are aligned with governance, resources, cultural norms and user experience. Persistent issues include fragmented adoption, minimal cooperation among educational institutions, and a preference for normative rather than alternative methods. Integrating ethical considerations and training with cognitive theory, as well as postincident learning mechanisms, are among the best practices. Research limitations/implications The limited number of empirical studies focusing on HEIs and the geographic preference for developed areas restrict the impact of the findings presented in this review. Practical implications The results offer practical advice for HEIs to implement tailored, holistic cybersecurity frameworks that address resilience, collaboration and culture adaptation beyond just compliance. Social implications HEIs should prioritize cybersecurity to protect their teaching, research and innovation, as well as intellectual capital and public trust. Originality/value This paper presents a methodical examination of cybersecurity management frameworks in HEIs, emphasizing both technical and socio-technical aspects, providing premise development for culturally sensitive and sustainable strategies.