Cyber resilience in firms, organizations and societies

Abstract: Cyber resilience involves most societal actors, i.e. organizations, individuals, threat actors, governments, insurers, etc., at most levels of organization. Actors are embedded within each other and choose strategies based on beliefs and preferences, which impact and are impacted by cyber resilience. The article reviews the literature, attempting to capture the core ingredients of cyber resilience. Non-threat actors seeking to obtain cyber resilience are distinguished from threat actors. Actors have resources, competence, technology, and tools. They make choices that impact the cyber resilience of all actors, including themselves. Cyber resilience relates to cyber insurance through entry requirements or preconditions for cyber contracts, the need for various services such as incident response and data gathering, and cover limitations. Cyber resilience is linked to the Internet of Things, which in the future can be expected to simplify life through artificial intelligence and machine learning, while being vulnerable through a large attack surface, insufficient technology, challenging handling of data, possible high trust in computers and software, and ethics.
