Executive decision-makers: a scenario-based approach to assessing organizational cyber-risk perception

Simon Parkin, Kristen Kuhn, Siraj A. Shaikh

Research output: Contribution to journalArticleScientificpeer-review

7 Downloads (Pure)


The executive leadership in corporate organizations is increasingly challenged with managing cyber-risks, as an important part of wider business risk management. Cyber-risks are complex, with the threat landscape evolving, including digital infrastructure issues such as trust in networked supply chains, and emerging technologies. Moreover, engaging organizational leadership to assess for risk management is also difficult. This paper reports on a scenario-driven, workshop-based study undertaken with executive leadership to assess for cybersecurity and cyber-risk perception related to preparation for, and response to, potential incidents. The study involves leadership members at a large public-private organization. Our approach utilizes scenarios, which are structured in their design to explore and analyse aspects of business risk, risk ownership, technological complexity, and uncertainty faced by an organizational leadership. The method offers a means to engage with leadership at real-world organizations, capturing capacity and insights to manage business risks due to cyberattacks.
Original languageEnglish
Article numbertyad018
JournalJournal of Cybersecurity
Issue number1
Publication statusPublished - 2023


  • business continuity
  • decision making
  • risk analysis
  • security management


Dive into the research topics of 'Executive decision-makers: a scenario-based approach to assessing organizational cyber-risk perception'. Together they form a unique fingerprint.

Cite this