Abstract The digital era has introduced information technology, driving the demand for organizations to protect their critical assets and resources. Cybersecurity concerns the protection of information systems from attack. Organizational resilience refers to a system’s ability to adapt to change, a modern concept that is increasingly significant in our continually evolving society and is particularly relevant in the context of cybersecurity. The organization’s ability to respond to cyberattacks and its mature resilience against successful attacks reflect the concept of resilient systems. This study presents a cyber-resilience management framework based on an exploratory multiple-case study analysis across four organizations and an analysis of existing cybersecurity literature. We propose a framework for investment decisions in cyber-resilience systems, based on derived context, that enables organizations to make informed investment decisions in cybersecurity. The outcomes provide key insights into the factors that influence managerial and investment decision-making in the development of cyber-resilient systems.
Barik et al. (Thu,) studied this question.