Date of Conferral
Public Policy and Administration
The absence of legislation, the lack of a standard cybersecurity framework, and the failure to adopt a resilient cybersecurity posture can be detrimental to the availability, confidentiality, and integrity of municipal information systems. The purpose of this phenomenological study was to understand the cybersecurity posture of municipalities from the perception of public servants serving in information technology (IT) leadership roles in highly populated municipalities in the San Juan-Carolina-Caguas Metropolitan Statistical Area of Puerto Rico. The study was also used to address key factors influencing the cybersecurity posture of these municipalities. The theoretical framework was open system theory used in combination with a conceptual framework encompassing key dimensions influencing digital government. Data were collected using semistructured interviews with 10 public servants working in IT leadership positions in a municipal setting in Puerto Rico. Data analysis involved horizontalization, reduction, elimination, clustering, thematizing, validation, and development of individual and composite textural descriptions. Participants reported that the cybersecurity posture of their municipalities was resilient. Participants also reported that technological changes, politics, the economy, management support, and processes were key elements to achieve a resilient posture. Findings may be used to empower elected officials, policymakers, public servants, and practitioners to manage and improve elements affecting cybersecurity with the goal of achieving a resilient posture to deliver cybersecurity as a public good.