An exploratory study on changing demands placed on risk management, while taking into perspective the dynamics related to the cyber realm

Drones can shutdown airports and a global ransomware attack can paralyze an entire container terminal due to severe hick-ups in the IT systems. Complex and interconnected Information Technology systems (IT) as well as Operational Technology (OT) systems have become more and more embedded in the daily operations of companies. Cloud computing, Artificial Intelligence (AI) as well as the Internet of Things (IoT) are enlightening examples of technologies which create new business opportunities but also have a downside. The Organisation for Economic Co-operation and Development (OECD) proclaims in their Science, Technology and Industry (STI) scorecard: “Collectively they are enabling a future of ’smart everything’, and empowering businesses, consumers and society as a whole”.1 Although these technologies empower, the global dependence on the internet and connected digital technologies also have the potential to create (un)foreseen (global) shocks. Companies struggle to respond adequately to the often non-transparent challenges in the cyber realm, while these technologies are abused by criminals of other threat actors. In the Global Risks Report 2018 of the World Economic Forum, cyberattacks were ranked 3rd in the top 10 risks in terms of likelihood.2 It is an intensive process to keep the daily operations of organizations secure, adaptive and resilient. Traditional risk management practices have always been one of the bedrocks for internal organizations, by keeping risk profiles within boundaries. This research paper explores changing demands placed on risk management, taking into perspective the cyber realm dynamics. Starting off with conceptualizing some basic definitions of risk management and the cyber realm, this paper, looks at the distinctive features of the cyber realm. In addition, several challenges and developments in traditional risk management practices are identified. The presented results were collected via a literature review as well as via semi-structured qualitative interviews with security experts from multiple sectors in the Netherlands. Ultimately this paper will show that traditional risk management practices have to work at full stretch today to cope with the digital era. Although the traditional building blocks still remain in place, there are risk management practices changes visible. This paper lists nine specific modus operandi features, while managing cyber risks. Ultimately this explorations shows that risk practices are transforming and becoming more adaptive. 

 

Keywords: cyber risk, risk management, complex systems, uncertainty, adaptability, resilience 

 

Read PDF

 

 

  • A cybersecurity information sharing process for Storm Su...
    Master CS/Jeroen Gaiser
    >
  • A cybersecurity info...
    Master CS/Jeroen Gaiser
    >
  • A cybersecurity information sharing process for Storm Su...
    Master CS/Jeroen Gaiser
    >
  • Can NL trust 5G?
    Master CS/Farley Wazir
    >
  • Can NL trust 5G?
    Master CS/Farley Wazir
    >
  • Can NL trust 5G?
    Master CS/Farley Wazir
    >
  • ConsensusPKI. Data driven public key ecosystem backed by...
    Master CS/Volkan Kaya
    >
  • ConsensusPKI. Data d...
    Master CS/Volkan Kaya
    >
  • ConsensusPKI. Data driven public key ecosystem backed by...
    Master CS/Volkan Kaya
    >
  • Evaluating server-side internet proxy detection methods
    Master CS/Hans Hoogstraaten
    >
  • Evaluating server-si...
    Master CS/Hans Hoogstraaten
    >
  • Evaluating server-side internet proxy detection methods
    Master CS/Hans Hoogstraaten
    >
  • Fake news, or framed news, that is the question
    Master CS/Elserike Looije
    >
  • Fake news, or framed...
    Master CS/Elserike Looije
    >
  • Fake news, or framed news, that is the question
    Master CS/Elserike Looije
    >
  • Fighting in the fifth dimension
    Master CS/John van Veenhuizen
    >
  • Fighting in the fift...
    Master CS/John van Veenhuizen
    >
  • Fighting in the fifth dimension
    Master CS/John van Veenhuizen
    >
  • Managing risks in the cyber realm: From a traditional to...
    Master CS/Emma Meines
    >
  • Managing risks in th...
    Master CS/Emma Meines
    >
  • Managing risks in the cyber realm: From a traditional to...
    Master CS/Emma Meines
    >
  • Multi-stakeholder roadmap for implementing consumer vuln...
    Master CS/Hinko Bastiaanse
    >
  • Multi-stakeholder ro...
    Master CS/Hinko Bastiaanse
    >
  • Multi-stakeholder roadmap for implementing consumer vuln...
    Master CS/Hinko Bastiaanse
    >
  • Public Private Partnership in the French National Cyber...
    Master CS/René Marchal
    >
  • Public Private Partn...
    Master CS/René Marchal
    >
  • Public Private Partnership in the French National Cyber...
    Master CS/René Marchal
    >
  • Public-Private Partnerships in Indian Industrial IoT.
    Master CS/Chandrasekhar Muppiri
    >
  • Public-Private Partn...
    Master CS/Chandrasekhar Muppiri
    >
  • Public-Private Partnerships in Indian Industrial IoT.
    Master CS/Chandrasekhar Muppiri
    >
  • The Design of a Risk Management Framework for Machine Le...
    Master CS/Antony Hibbert
    >
  • The Design of a Risk...
    Master CS/Antony Hibbert
    >
  • The Design of a Risk Management Framework for Machine Le...
    Master CS/Antony Hibbert
    >