TY - JOUR
T1 - Executive decision-makers
T2 - a scenario-based approach to assessing organizational cyber-risk perception
AU - Parkin, Simon
AU - Kuhn, Kristen
AU - Shaikh, Siraj A.
PY - 2023
Y1 - 2023
N2 - The executive leadership in corporate organizations is increasingly challenged with managing cyber-risks, as an important part of wider business risk management. Cyber-risks are complex, with the threat landscape evolving, including digital infrastructure issues such as trust in networked supply chains, and emerging technologies. Moreover, engaging organizational leadership to assess for risk management is also difficult. This paper reports on a scenario-driven, workshop-based study undertaken with executive leadership to assess for cybersecurity and cyber-risk perception related to preparation for, and response to, potential incidents. The study involves leadership members at a large public-private organization. Our approach utilizes scenarios, which are structured in their design to explore and analyse aspects of business risk, risk ownership, technological complexity, and uncertainty faced by an organizational leadership. The method offers a means to engage with leadership at real-world organizations, capturing capacity and insights to manage business risks due to cyberattacks.
KW - business continuity
KW - decision making
KW - risk analysis
KW - security management
UR - http://www.scopus.com/inward/record.url?scp=85169933794&partnerID=8YFLogxK
U2 - 10.1093/cybsec/tyad018
DO - 10.1093/cybsec/tyad018
M3 - Article
AN - SCOPUS:85169933794
SN - 2057-2085
VL - 9
JO - Journal of Cybersecurity
JF - Journal of Cybersecurity
IS - 1
M1 - tyad018
ER -