Title:
Governance Fragmentation and Cybersecurity Blind Spots in Critical Infrastructure Organizations

Authors:
Dr. Robb Shawe, Dr. Gilbert B. Mengnjo, USA

Abstract:

Cybersecurity failures in critical infrastructure organizations are frequently attributed to technical deficiencies, human error, or insufficient investment in security controls. While these factors contribute to risk, they often obscure a more profound and more persistent cause: fragmented governance structures that diffuse responsibility, weaken accountability, and create predictable cybersecurity blind spots. In large, complex organizations—particularly in healthcare and energy sectors—cybersecurity spans multiple functional domains, including information technology, operational technology, compliance, legal, procurement, and enterprise risk management. When governance authority and oversight are fragmented across these domains, no single entity retains visibility into system-level exposure. This qualitative, conceptual analysis examines governance fragmentation as a root cause of cybersecurity blind spots in critical infrastructure organizations. Drawing on governance and accountability theory, organizational design literature, and boundary-spanning concepts, the article explains how fragmented structures undermine oversight even in organizations that employ standardized assessments and maturity models. The study contributes a governance-centric explanation for persistent cyber risk and offers implications for redesigning accountability and oversight structures to reduce systemic exposure.

DOI: http://dx.doi.org/10.51505/ijaemr.2026.1204