INTEGRATING CYBERSECURITY RISK MANAGEMENT INTO STRATEGIC MANAGEMENT: A COMPREHENSIVE LITERATURE REVIEW

Year 2023, , 98 - 108, 30.09.2023

Filiz Mızrak

https://doi.org/10.17261/Pressacademia.2023.1807

Abstract

Purpose- This literature review aims to delve into the nexus between cybersecurity risk management and strategic management, comprehensively exploring how organizations weave risk management strategies into their broader strategies to safeguard digital assets and infrastructure against the backdrop of ever-evolving cyber threats.
Methodology- The review employs a qualitative methodology, synthesizing insights from a diverse selection of scholarly works encompassing cybersecurity, risk management, and strategic management. These insights are analyzed to unveil patterns and trends that highlight the integration of cybersecurity risk management within strategic organizational frameworks.
Findings- The review uncovers a critical interdependence between cybersecurity risk management and strategic management, showcasing how organizations formulate proactive measures to mitigate cyber risks while aligning them with overarching strategic goals. It also underscores the role of organizational culture, leadership commitment, and technological advancements in shaping effective cybersecurity risk management strategies.
Conclusion- The synthesis of scholarly findings accentuates the pivotal role of cybersecurity risk management in modern organizations. The review underscores the importance of fostering a strategic mindset towards cybersecurity, with a proactive approach that integrates risk management efforts within the broader organizational strategy. This not only shields digital assets but also promotes resilience, enabling organizations to thrive despite an increasingly dynamic and hostile digital landscape.

Keywords

Strategic management, cyber security, cyber risks, risk management, organizational strategy

References

• Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939-953.
• Alahmari, A., & Duncan, B. (2020, June). Cybersecurity risk management in small and medium-sized enterprises: A systematic review of recent evidence. In 2020 international conference on cyber situational awareness, data analytics and assessment (CyberSA) (pp. 1-5). IEEE.
• Alawida, M., Omolara, A. E., Abiodun, O. I., & Al-Rajab, M. (2022). A deeper look into cybersecurity issues in the wake of Covid-19: A survey. Journal of King Saud University-Computer and Information Sciences 34 (1), 8176–8206.
• AlDaajeh, S., Saleous, H., Alrabaee, S., Barka, E., Breitinger, F., & Choo, K. K. R. (2022). The role of national cybersecurity strategies on the improvement of cybersecurity education. Computers & Security, 119, 102754.
• Belalcázar, A., Ron, M., Díaz, J., & Molinari, L. (2017, November). Towards a strategic resilience of applications through the NIST cybersecurity framework and the strategic alignment model (SAM). In 2017 International Conference on Information Systems and Computer Science (INCISCOS) (pp. 181-187). IEEE.
• Cheng, E. C., & Wang, T. (2022). Institutional strategies for cybersecurity in higher education institutions. Information, 13(4), 192-206.
• Cvitić, I., Peraković, D., Periša, M., & Botica, M. (2017). An overview of the cyber security strategic management in Republic of Croatia. In RCITD—Proceedings in research conference in technical disciplines (pp. 13-18). Zilina: EDIS—Publishing Institution of the University of Zilina.
• Del Giorgio Solfa, F. (2022). Impacts of Cyber Security and Supply Chain Risk on Digital Operations: Evidence from the Pharmaceutical Industry. International Journal of Technology, Innovation and Management (IJTIM), 2(2), 18-32
• Dupont, B. (2019). The cyber-resilience of financial institutions: significance and applicability. Journal of cybersecurity, 5(1), 1-17
• Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 40(1), 183-199.
• Ghafur, S., Grass, E., Jennings, N. R., & Darzi, A. (2019). The challenges of cybersecurity in health care: the UK National Health Service as a case study. The Lancet Digital Health, 1(1), 1-35
• Ghelani, D., Hua, T. K., & Koduru, S. K. R. (2022). Cyber Security Threats, Vulnerabilities, and Security Solutions Models in Banking. Authorea Preprints, 1(1), 1-12
• Giuca, O., Popescu, T. M., Popescu, A. M., Prostean, G., & Popescu, D. E. (2021). A survey of cybersecurity risk management frameworks. In Soft Computing Applications: Proceedings of the 8th International Workshop Soft Computing Applications (SOFA 2018), Vol. I 8 (pp. 240-272). Springer International Publishing.
• Goel, R., Kumar, A., & Haddow, J. (2020). PRISM: a strategic decision framework for cybersecurity risk assessment. Information & Computer Security, 28(4), 591-625.
• He, S., Ficke, E., Pritom, M. M. A., Chen, H., Tang, Q., Chen, Q., ... & Xu, S. (2022). Blockchain-based automated and robust cyber security management. Journal of Parallel and Distributed Computing, 163, 62-82.
• Jakka, G., Yathiraju, N., & Ansari, M. F. (2022). Artificial Intelligence in Terms of Spotting Malware and Delivering Cyber Risk Management. Journal of Positive School Psychology, 6(3), 6156-6165.
• Kabanov, I., & Madnick, S. (2021). Applying the Lessons from the Equifax Cybersecurity Incident to Build a Better Defense. MIS Quarterly Executive, 20(2), 109-125.
• Kizilcan, L. S., & Mizrak, K. C. (2022). Cyber Attacks In Civil Aviation And The Concept Of Cyber Security. IDEA STUDIES Journal. International Journal, 742, 752.
• Kumar, S., & Mallipeddi, R. R. (2022). Impact of cybersecurity on operations and supply chain management: Emerging trends and future research directions. Production and Operations Management, 31(12), 4488-4500.
• Lee, I. (2021). Cybersecurity: Risk management framework and investment cost analysis. Business Horizons, 64(5), 659-671.
• Manley, M. (2015). Cyberspace’s dynamic duo: Forging a cybersecurity public-private partnership. Journal of Strategic Security, 8(3), 85-98.
• Mizrak, K. C. (2021). A Research on Effect of Performance Evaluation and Efficiency on Work Life. In Management Strategies to Survive in a Competitive Environment: How to Improve Company Performance (pp. 387-400). Cham: Springer International Publishing.
• Mohamed Mizan, N. S., Ma’arif, M. Y., Mohd Satar, N. S., & Shahar, S. M. (2019). CNDS-cybersecurity: issues and challenges in ASEAN countries. International Journal of Advanced Trends in Computer Science and Engineering, 8(4), 113-119.
• Munaiah, N., Pelletier, J., Su, S. H., Yang, S. J., & Meneely, A. (2019, November). A cybersecurity dataset derived from the national collegiate penetration testing competition. In HICSS Symposium on cybersecurity big data analytics.
• Peterson, J., Haney, M., & Borrelli, R. A. (2019). An overview of methodologies for cybersecurity vulnerability assessments conducted in nuclear power plants. Nuclear Engineering and Design, 346, 75-84.
• Raimundo, R. J., & Rosário, A. T. (2022). Cybersecurity in the internet of things in industrial management. Applied Sciences, 12(3), 1598.
• Saad, M., Spaulding, J., Njilla, L., Kamhoua, C., Shetty, S., Nyang, D., & Mohaisen, A. (2019). Exploring the attack surface of blockchain: A systematic overview. arXiv preprint arXiv:1904.03487.
• Samtani, S., Abate, M., Benjamin, V., & Li, W. (2020). Cybersecurity as an industry: A cyber threat intelligence perspective. The Palgrave Handbook of International Cybercrime and Cyberdeviance, 135-154.
• Solfa, F. D. G. (2022). Impacts of Cyber Security and Supply Chain Risk on Digital Operations: Evidence from the Pharmaceutical Industry. International Journal of Technology, Innovation and Management (IJTIM), 2(2), 18-32.
• Thach, N. N., Hanh, H. T., Huy, D. T. N., & Vu, Q. N. (2021). technology quality management of the industry 4.0 and cybersecurity risk management on current banking activities in emerging markets-the case in Vietnam. International Journal for Quality Research, 15(3), 845-856.
• Tvaronavičienė, M., Plėta, T., Della Casa, S., & Latvys, J. (2020). Cyber security management of critical energy infrastructure in national cybersecurity strategies: Cases of USA, UK, France, Estonia and Lithuania. Insights into regional development, 2(4), 802-813.
• Wallis, T., & Dorey, P. (2023). Implementing Partnerships in Energy Supply Chain Cybersecurity Resilience. Energies, 16(4), 1868-1879