Due to society’s increasing reliance on technology (e.g., financial transactions, critical infrastructure, globally-integrated supply chains, etc.), technological disruptions from cyberattacks can have profound implications for virtually all organizations and their stakeholders. In an effort to minimize cyber threats, governments and regulators have been deploying an increasingly comprehensive and complex landscape of regulations; however, the extent to which regulations actually facilitate, or harm, cybersecurity maturity remains nebulous. This research reports the findings of a qualitative study designed to help illuminate this problem space. We interviewed 12 high-ranking experts, associated with a variety of organizations and industries, and analyzed their responses to identify key factors emerging from the data. These factors were found to operate as either facilitators or impediments of cybersecurity maturity. In addition to identifying these factors, we discuss the implications of our findings, limitations, and avenues for future research
