The study is aimed to analyze the barriers to address the cyber security challenges.  Research design includes examination of literature, data collection and analysis. It uses Interpretive Structural Modeling (ISM) technique with Matriced' Impacts Croise's Multiplication Appliquée a UN Classement (MICMAC). It is a qualitative approach to structure poorly articulated relations of elements of complex systems. Results of literature review show that there are total 18 barriers to address cyber security challenges. ISM generated a four level model i.e. barriers namely: ‘collaborative barriers’, ‘data management’, ‘performance barriers’, ‘costs associated cyber threats and vulnerabilities’, ‘lack of documented processes’, ‘inappropriate cyber security policies’, ‘cyber terrorism’, ‘system migration vulnerabilities’, ‘complex operating system updates’ and ‘under-enforced cyber security policies’ at top level; ‘legal complication’ at bottom level; remaining barriers at middle of model. Legal complication is the most critical barrier to address cyber security challenges. Barriers occupying middle part of model having moderate criticalness accordingly that on top have less criticalness. MICMAC analysis shows that ‘legal complications’ is independent whereas ‘system migration vulnerabilities’ is dependent, remaining all sixteen barriers are linking and no barrier is autonomous. The study has impactful practical implications for: internet service providers who can understand barriers and take informed decisions to plug the loops/incorporate counter solutions/checks; software vendors who can understand complex relations among barriers and create better built-in security checks; industry/companies across economy who understand barriers and better formulate corporate policies to prevent data and systems; individual users who will become well aware of issues of era of digitization; research community by way of providing theoretical framework for future researches. It also has implications for governments who can better understand cyber-security issues and formulate better policies, fool proof cyber-law, codes for criminal and civil matters concerning the cyber-security. This study will also help governments to prioritize the key barriers/issues and to handle with order of preference. It provides foundations for designing quantitative studies testing hypothesized mediation and/or moderation. It also has theoretical implications by extending the frontiers of knowledge and information about the phenomenon of cyber-security. The study also has some methodological, data and resources limitations. Methodological limitations include: qualitative with inductive approach in the era of quantitative approaches, answering what is related to what without cause and quantification, dispensing with transitive links in model and using majority rule contrary to consensus for aggregation. Data limitations include: review of limited amount of literature, collection of data from relatively small number of respondents (medium size of panel of experts), taking data on matrix questionnaire containing large number of pairs of relations by simultaneous evaluation. Limitations of resources include: limited time and lack of any financial support. It is an original study since it is conducted in real time field setting addressing highly practical angles of a unique topic in a simple but a novel way. It uses original data, well established methods, techniques and procedures and contributes new knowledge towards the domain in form of structural model, classification of barriers and related information. It is useful for internet service providers, software vendors, industry/companies across economy, individual users, governments and research community.