Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

Simon Parkin; Kristen Kuhn; Siraj Shaikh

Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

Simon Parkin, Kristen Kuhn, Siraj Shaikh

Delft University of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

166 Downloads (Pure)

Abstract

The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.

Original language	English
Title of host publication	Workshop on Usable Security and Privacy (USEC) 2021
Pages	(In-Press)
Publication status	Published - 7 May 2021
Event	Workshop on Usable Security and Privacy - Virtual, Auckland, New Zealand Duration: 7 May 2021 → 7 May 2021 http://www.usablesecurity.net/USEC/usec21/

Workshop

Workshop	Workshop on Usable Security and Privacy
Abbreviated title	USEC 2021
Country/Territory	New Zealand
City	Auckland
Period	7/05/21 → 7/05/21
Internet address	http://www.usablesecurity.net/USEC/usec21/

Access to Document

scenario_paper__USEC_2021_Final published version, 396 KB

http://www.usablesecurity.net/USEC/usec21/papers/usec2021_Simon_Parkin.pdf

2 Finished

Enhancing Decision-Making about Cyber Risk: Perspectives from Maritime Security
Kuhn, K. (Principal Investigator)
20/01/20 → 24/11/22
Project: Thesis

File
CR4B: Cyber Readiness for Boards Project
Carr, M. (Principal Investigator), Sasse, A. (Co-Investigator), Parkin, S. (Co-Investigator), Moore, T. (Co-Investigator), Hoepner , A. (Co-Investigator), Shaikh, S. (Co-Investigator) & Kuhn, K. (Researcher)
1/09/18 → 30/09/21
Project: Research

1 Standard

CR4B Cybersecurity Simulation Exercise: Step-by-Step Guide
Shaikh, S., Parkin, S. & Kuhn, K., Sept 2021, 7 p. RISCS.
Research output: Other contribution › Standard

Open Access
File

Data-set for Cybersecurity Decision-making Exercise 2
Kuhn, K. (Creator), Coventry University, 24 Apr 2022
DOI: 10.57955/50c846e4-805e-44c3-97e3-10eef66f30c4
Dataset

Cite this

@inproceedings{7424727271bf47e1890c97d9303f00d4,

title = "Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level",

abstract = "The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.",

author = "Simon Parkin and Kristen Kuhn and Siraj Shaikh",

year = "2021",

month = may,

day = "7",

language = "English",

isbn = "1891562738",

pages = "(In--Press)",

booktitle = "Workshop on Usable Security and Privacy (USEC) 2021",

note = "Workshop on Usable Security and Privacy , USEC 2021 ; Conference date: 07-05-2021 Through 07-05-2021",

url = "http://www.usablesecurity.net/USEC/usec21/",

}

TY - GEN

T1 - Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

AU - Parkin, Simon

AU - Kuhn, Kristen

AU - Shaikh, Siraj

PY - 2021/5/7

Y1 - 2021/5/7

N2 - The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.

AB - The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.

M3 - Conference proceeding

SN - 1891562738

SP - (In-Press)

BT - Workshop on Usable Security and Privacy (USEC) 2021

T2 - Workshop on Usable Security and Privacy

Y2 - 7 May 2021 through 7 May 2021

ER -

Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level

Abstract

Workshop

Access to Document

Fingerprint

Projects

Enhancing Decision-Making about Cyber Risk: Perspectives from Maritime Security

CR4B: Cyber Readiness for Boards Project

Research output

CR4B Cybersecurity Simulation Exercise: Step-by-Step Guide

Datasets

Data-set for Cybersecurity Decision-making Exercise 2

Cite this