Trends and Challenges Regarding Cyber Risk Mitigation by CISOs—A Systematic Literature and Experts’ Opinion Review Based on Text Analytics

ABSTRACT

Background: Cyber security has turned out to be one of the main challenges of recent years. As the variety of system and application vulnerabilities has increased dramatically in recent years, cyber attackers have managed to penetrate the networks and infrastructures of larger numbers of companies, thus increasing the latter’s exposure to cyber threats. To mitigate this exposure, it is crucial for CISOs to have sufficient training and skills to help them identify how well security controls are managed and whether these controls offer the company sufficient protection against cyber threats, as expected. However, recent literature shows a lack of clarity regarding the manner in which the CISOs’ role and the companies’ investment in their skills should change in view of these developments. Therefore, the aim of this study is to investigate the relationship between the CISOs’ level of cyber security-related preparation to mitigate cyber threats (and specifically, the companies’ attitudes toward investing in such preparation) and the recent evolution of cyber threats. Methods: The study data are based on the following public resources (1) recent scientific literature;(2) cyber threat-related opinion news articles;and (3) OWASP’s reported list of vulnerabilities. Data analysis was performed using various text mining methods and tools. Results: The study’s findings show that although the implementation of cyber defense tools has gained more serious attention in recent years, CISOs still lack sufficient support from management and sufficient knowledge and skills to mitigate current and new cyber threats. Conclusions: The research outcomes may allow practitioners to examine whether the companies’ level of cyber security controls matches the CISOs’ skills, and whether a comprehensive security education program is required. The present article discusses these findings and their implications.