The increasing digitalization of smart circular economy (CE) systems intensifies reliance on interconnected cyber-physical infrastructures, thereby increasing exposure to cybersecurity risks that may affect operational continuity and regulatory compliance. This study proposes a Fuzzy Analytical Hierarchy Process (Fuzzy AHP)-based framework to systematically assess cybersecurity readiness in alignment with the ISO/IEC 27001:2022 Information Security Management System (ISMS) standard. The framework adopts a structured three-level hierarchy consisting of seven main criteria and 39 sub-criteria, derived from ISO/IEC 27001:2022 clause-based requirements and Annex A control families, and expanded with an additional regulatory criterion based on the Cyber Resilience Act (CRA) Requirements Standards Mapping. Expert judgments from ten specialists in cybersecurity and digital systems were elicited using linguistic assessments and converted into triangular fuzzy numbers to compute priority weights under uncertainty. The results indicate that ISMS governance and organizational context are the most influential determinants of cybersecurity readiness, followed by regulatory and compliance alignment, operational oversight, and technological controls, while organizational, human, and physical controls play supportive roles. Consistency and sensitivity analyses confirm the robustness and stability of the weighting structure. Overall, the framework provides a standards-aligned decision-support tool for prioritizing cybersecurity readiness in digitally intensive CE environments.
Alavi-Borazjani et al. (Wed,) studied this question.