Cybersecurity systems are crucial for safeguarding information assets across various sectors, including government, military, and commercial domains. In Saudi Arabia, cybersecurity has gained significant importance within the national security strategy, resulting in substantial investments in technologies to protect information assets, combat cyber threats, and preserve privacy. In light of Protection Motivation Theory, it is assumed that evaluating the performance of cybersecurity policies and measures (threat appraisal) is vital for their effective implementation (coping appraisal). This study focuses on evaluating the cybersecurity performance of Saudi universities. Employing a mixed-methods design, the study utilizes questionnaires and interviews to collect data. The participants include representatives from 10 Saudi universities, with 107 respondents for the questionnaire phase and 20 participants for the interviews. Diverse job categories and levels within the universities are represented to gather valuable insights from individuals with expertise in cybersecurity and Total Quality Management (TQM) processes. Findings showed that there is room for improvement in the cybersecurity practices of Saudi universities. Only a minority of participants reported regular risk assessments and timely addressing of identified risks. Additionally, participants expressed concerns about the lack of well-defined policies and procedures, insufficient training and awareness programs, and non-compliance with cybersecurity regulations and standards. A significant percentage of participants rated their organization's cybersecurity performance as average or poor. However, the majority of participants affirmed the importance of cybersecurity in relation to strategic objectives and Total Quality Management. The study stressed the need for comprehensive approaches to cybersecurity, including risk assessment, policy development, training, compliance, and continuous monitoring.