Executive decision-makers: a scenario-based approach to assessing organizational cyber-risk perception

Simon Parkin, Kristen Kuhn, Siraj Ahmed Shaikh

Research output: Contribution to journalArticlepeer-review

17 Downloads (Pure)


The executive leadership in corporate organizations is increasingly challenged with managing cyber-risks, as an important part of wider business risk management. Cyber-risks are complex, with the threat landscape evolving, including digital infrastructure issues such as trust in networked supply chains, and emerging technologies. Moreover, engaging organizational leadership to assess for risk management is also difficult. This paper reports on a scenario-driven, workshop-based study undertaken with executive leadership to assess for cybersecurity and cyber-risk perception related to preparation for, and response to, potential incidents. The study involves leadership members at a large public–private organization. Our approach utilizes scenarios, which are structured in their design to explore and analyse aspects of business risk, risk ownership, technological complexity, and uncertainty faced by an organizational leadership. The method offers a means to engage with leadership at real-world organizations, capturing capacity and insights to manage business risks due to cyberattacks.
Original languageEnglish
Number of pages13
JournalJournal of Cybersecurity
Issue number1
Early online date21 Aug 2023
Publication statusE-pub ahead of print - 21 Aug 2023

Bibliographical note

© The Author(s) 2023. Published by Oxford University Press. This is an Open Access article distributed under the terms of the Creative Commons Attribution License
(https://creativecommons.org/licenses/by/4.0/), which permits unrestricted reuse, distribution, and reproduction in any medium, provided the original work is properly cited


  • Security management
  • Decision making
  • Business continuity
  • Risk analysis


Dive into the research topics of 'Executive decision-makers: a scenario-based approach to assessing organizational cyber-risk perception'. Together they form a unique fingerprint.
  • CR4B: Cyber Readiness for Boards Project

    Carr, M., Sasse, A., Parkin, S., Moore, T., Hoepner , A., Shaikh, S. & Kuhn, K.


    Project: Research

Cite this