Title:
From Compliance to Resilience: Reframing Cybersecurity Maturity Models for Executive Decision-making in Critical Infrastructure

Authors:
Dr. Robb Shawe, Dr. Gilbert B. Mengnjo, USA

Abstract:

Cybersecurity maturity models are widely used across critical infrastructure sectors to assess security posture and demonstrate alignment with regulatory and industry expectations. However, maturity results are frequently interpreted as compliance achievements rather than as resilience-relevant decision inputs for executives, boards, and policymakers. This article argues that cybersecurity maturity models realize their greatest value when reframed as executive decision-support mechanisms that link cybersecurity capabilities to enterprise risk, operational resilience, and supply chain interdependence. Drawing on critical-infrastructure contexts in healthcare supply chains and energy and smart-grid governance, the article proposes a resilience-oriented interpretive framework that transforms maturity outputs into governance-grade insights, including capability distribution, weakest-link exposure, prioritized investment logic, and continuous improvement pathways. The resulting contribution offers a practical and defensible approach for translating maturity assessments into board-level oversight, strategic planning, and risk-informed resource allocation in complex, interdependent infrastructure ecosystems.

DOI: http://dx.doi.org/10.51505/ijaemr.2026.1203