Abstract

In recent years, there has been an increasing interest in cybersecurity due to the significant impact of breaches on organizations. One of the topics frequently discussed in cybersecurity literature is the lack of preparedness in the face of cyber threats. Recent cyberattacks in the public and private sectors have demonstrated that traditional cybersecurity techniques are not always applicable to the numerous situations posed by the evolving cybersecurity landscape. One of the primary causes of this problem is the growing limitation of cybersecurity approaches. Many organizations assume that responsibility for cybersecurity rests only with the IT or security department, resulting in a limited risk-management strategy. Such an approach may produce a false sense of security, thus leaving companies with the belief that their infrastructure is protected.
This work introduced an innovative way of tackling this issue through an approach that ties together three different but interrelated security domains: cyber insurance, cybersecurity culture, and cybersecurity compliance. In particular, this study illustrated how cybersecurity could be broken into these three core areas and used together to manage cyber risk effectively. It further showed the correlations between these areas through a hybrid process of inductive and deductive thematic analysis to interpret relevant data. The methodological approach applied in this work combined data-driven and theory-driven codes based on recent works forming a scholarly portfolio of cybersecurity research. This method started with a staged process of data coding and progressed toward the identification of overarching themes that captured the phenomenon of cyber risk. This study examined the results through a qualitative and quantitative perspective in an effort to develop a holistic framework (the CYBER–CCI Framework). Finally, it offered insights into how the framework can be expanded to reach higher levels of risk reduction and improve security.
One of the main characteristics of the CYBER–CCI framework is that it establishes an objective measure of risk and its implications for the various business areas. Organizations can use this feature to estimate how much risk they can reduce and at what cost. As a result, the framework developed in this study provides a dynamic cybersecurity risk management model that allows enterprises to make it practically operational across the entire organization.
Date of Award
Mabrouka Abuhmida (Supervisor), Ian Wilson (Supervisor) & Ahmed Elmesiry (Supervisor)
- Cyber Risk
- Risk Reduction
- Cyber Insurance
- Cybersecurity Culture