Literature Review on Building Cyber Resilience Capabilities to Counter Future Cyber Threats: The Role of Enterprise Risk Management (ERM) and Business Continuity (BC)
The primary purpose of this paper is to critically explore the importance of building cyber resilience capabilities in organizations to counter future cyber threats. With the increasing sophistication and frequency of cyber-crimes, traditional security systems and techniques are no longer sufficient to combat them. To maintain business operations during and after a cyber-attack, it is essential to adopt a holistic approach to IT risks and create a robust cyber resilience program. The methodology adopted involved a systematic literature review on how Enterprise Risk Management (ERM) and Business Continuity (BC) contribute to building cyber resilience capabilities. The results showed that ERM and BC are critical components of cyber resilience and can help organizations identify, evaluate, and manage interruption risks. The paper concludes that organizations must maintain cyber resilience with efficient business continuity management and enterprise risk management frameworks as cyber hazards continue to increase.
Cite this paper
Assibi, A. T. (2023). Literature Review on Building Cyber Resilience Capabilities to Counter Future Cyber Threats: The Role of Enterprise Risk Management (ERM) and Business Continuity (BC). Open Access Library Journal, 10, e9882. doi: http://dx.doi.org/10.4236/oalib.1109882.