in Large-Scale Initiatives
FEATURED PAPER
By Sreesudha Ayyalasomayajula
Michigan, USA
Abstract
Cybersecurity is no longer something that can be left entirely to technical teams. In large-scale initiatives, it has become a governance concern that directly shapes how projects are planned, delivered, and evaluated. As organizations increasingly depend on interconnected systems, cloud platforms, and external partners, cyber risks now influence not just system security but also delivery timelines, compliance obligations, stakeholder confidence, and long-term value.
This article examines cybersecurity from a project governance perspective. It argues that managing cyber risk effectively requires bringing it into decision-making spaces where trade-offs are made rather than treating it as a downstream technical issue. Based on project governance principles and practical realities, the discussion explores how cybersecurity can be integrated throughout the project lifecycle.
The article also reflects on the evolving responsibilities of project managers, sponsors, and governance bodies, emphasizing the need for visibility, accountability, and adaptability when dealing with cyber risks in complex initiatives.
- Introduction
Large-scale projects today rarely operate in isolation from digital systems. Whether it’s an infrastructure rollout, a business transformation program, or a public sector modernization effort, most initiatives depend heavily on interconnected platforms, data flows, and third-party integrations.
This dependence has quietly but fundamentally changed the nature of project risk.
While digitalization brings obvious benefits speed, scalability, and coordination. It also introduces vulnerabilities that are not always fully understood at the governance level. Cyber incidents are no longer just technical glitches. They can disrupt delivery timelines, invalidate assumptions, and damage trust well beyond the life of the project itself. In extreme cases, they can even force organizations to pause or redesign initiatives altogether.
Despite this, cybersecurity is still too often treated as something “handled elsewhere “usually by IT or security teams. The challenge is that key project decisions are made outside those teams, at governance levels where cybersecurity is not always visible. That disconnect creates risk.
This article argues that cybersecurity should be treated as part of project governance from the outset. When it is included in decision-making discussions, organizations are better positioned to understand trade-offs, anticipate issues earlier, and avoid costly surprises later.
More…
To read entire paper, click here
How to cite this paper: Ayyalasomayajula, S. (2026). Cybersecurity and Project Governance in Large-Scale Initiatives; PM World Journal, Vol. XV, Issue VI, June. Available online at https://pmworldjournal.com/wp-content/uploads/2026/06/pmwj165-Jun2026-Ayyalasomayajula-Cybersecurity-and-Project-Governance.pdf
About the Author
Sreesudha Ayyalasomayajula
Michigan, USA
Sreesudha Ayyalasomayajula is a PMI-certified project management professional with experience in delivering software projects within the automotive domain.
Her work focuses on applying practical, value-driven project management approaches in environments characterized by complexity, uncertainty, and rapid technological change. She has a particular interest in how project governance, agility, and emerging technologies intersect in real-world delivery contexts.
As an active learner and technology enthusiast, Sreesudha continuously explores developments in digital transformation and project management practices. Through her writing, she aims to bridge the gap between theory and practice by sharing insights that help practitioners adapt project management approaches to evolving challenges particularly in areas such as cybersecurity and governance in large-scale initiatives.
SreeSudha can be contacted at sreeayyala123@gmail.com
