Premium
Cyber risk management: History and future research directions
Author(s) -
Eling Martin,
McShane Michael,
Nguyen Trung
Publication year - 2021
Publication title -
risk management and insurance review
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.386
H-Index - 16
eISSN - 1540-6296
pISSN - 1098-1616
DOI - 10.1111/rmir.12169
Subject(s) - risk management , process (computing) , resilience (materials science) , focus (optics) , risk analysis (engineering) , enterprise risk management , security management , business , incarnation , computer science , computer security , process management , finance , philosophy , physics , theology , optics , thermodynamics , operating system
Cybersecurity research started in the late 1960s and has continuously evolved under different names such as computer security and information security. This article briefly covers that history but will especially focus on the latest incarnation known as “cyber risk management,” which includes both technical and economic/management dimensions. The main focus of the article is to review research on individual steps of the cyber risk management process and on the overall process to highlight gaps and determine research directions. Two main findings are that cyber risk is difficult to include in the overall enterprise risk management process and that a move toward cyber resilience is necessary to deal with such a complex risk. Both findings require a level of interdisciplinary collaboration that is currently lacking.