Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

Simon Parkin; Kristen Kuhn; Siraj Shaikh

Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

Simon Parkin, Kristen Kuhn, Siraj Shaikh

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

23 Downloads (Pure)

Abstract

The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.

Original language	English
Title of host publication	Workshop on Usable Security and Privacy (USEC) 2021
Pages	(In-Press)
Publication status	Published - 7 May 2021
Event	Workshop on Usable Security and Privacy - Virtual, Auckland, New Zealand Duration: 7 May 2021 → 7 May 2021 http://www.usablesecurity.net/USEC/usec21/

Workshop

Workshop	Workshop on Usable Security and Privacy
Abbreviated title	USEC 2021
Country/Territory	New Zealand
City	Auckland
Period	7/05/21 → 7/05/21
Internet address	http://www.usablesecurity.net/USEC/usec21/

Access to Document

scenario_paper__USEC_2021_Final published version, 396 KB

http://www.usablesecurity.net/USEC/usec21/papers/usec2021_Simon_Parkin.pdf

Data-set for Cybersecurity Decision-making Exercise 2
Kuhn, K. (Contributor), Coventry University, 24 Apr 2022
Dataset

Cite this

@inproceedings{7424727271bf47e1890c97d9303f00d4,

title = "Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level",

abstract = "The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.",

author = "Simon Parkin and Kristen Kuhn and Siraj Shaikh",

year = "2021",

month = may,

day = "7",

language = "English",

isbn = "1891562738",

pages = "(In--Press)",

booktitle = "Workshop on Usable Security and Privacy (USEC) 2021",

note = "Workshop on Usable Security and Privacy , USEC 2021 ; Conference date: 07-05-2021 Through 07-05-2021",

url = "http://www.usablesecurity.net/USEC/usec21/",

}

TY - GEN

T1 - Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

AU - Parkin, Simon

AU - Kuhn, Kristen

AU - Shaikh, Siraj

PY - 2021/5/7

Y1 - 2021/5/7

N2 - The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.

AB - The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.

M3 - Conference proceeding

SN - 1891562738

SP - (In-Press)

BT - Workshop on Usable Security and Privacy (USEC) 2021

T2 - Workshop on Usable Security and Privacy

Y2 - 7 May 2021 through 7 May 2021

ER -

Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

Abstract

Workshop

Access to Document

Fingerprint

Datasets

Data-set for Cybersecurity Decision-making Exercise 2

Cite this