A systematic review of cyber-resilience assessment frameworks

Cyber-attacks are regarded as one of the most serious threats to businesses worldwide. Organizations dependent on Information Technology (IT) derive value not only from preventing cyber-attacks, but also from responding promptly and coherently when cyber-attacks happen so as to minimize their disruptive effect on operations. This capacity is known as cyber-resilience. As multiple cyber-resilience frameworks (CRF) have been proposed in literature, an increased clarity about the scope, characteristics, synergies and gaps in existing CRFs will facilitate scientific research advancement in this area. This paper uses a systematic literature review to identify extant research on CRFs. The analysis is based on a sample representing 36 different industries and 25 different research areas. Through the use of descriptive analysis and thematic categorization, this paper makes a contribution by identifying CRFs as either strategic or operational, by the hierarchy of their decision influence, by the attacks addressed, and through the methods used and the places and institutions doing CRF research. As a result, this work presents an overview map of the current CRF research landscape, identifies relevant research gaps, highlights similarities and synergies between CRFs, and proposes opportunities for interdisciplinary research, as a contribution to guide future research in this area.