Abstract
This chapter gives an all-inclusive view of cybersecurity risk. The main aim of this chapter is to explain what cybersecurity risk entails. This chapter starts by describing why cybersecurity risk is vital to organizations. The authors explain cybersecurity, vulnerabilities, and common cyber threats/attacks. This chapter also highlights some literature on cybersecurity risks in different sectors and gives an idea about the numerous cyber-attacks during the COVID-19 pandemic. The other sections of this chapter explain risk, risk assessment methods/approaches used in determining the level and type of risk, and risk management frameworks alongside examples from literature and how they were employed to manage risks. Finally, this chapter concludes with the role of organizations in handling and managing cybersecurity risks and the steps governments, organizations, stakeholders, and individuals should take when trying to mitigate or manage cybersecurity risks now and in the future.
TopBackground
Cyber Security
This can be defined as the state of being safeguarded from unlawful or unauthorized use of electronic data, as well as the steps are taken to do so (Park, Shi, Zhang, Kontovas, & Chang, 2019). It is a field that aims to protect computer systems against attacks, which can include control systems, vital infrastructure, and technology transportation systems (Priyadarshini, 2018). Cybersecurity attacks can result in a variety of risks affecting vital infrastructure and continuation of business including production and performance deterioration, absence of vital services, and regulatory violations (Kure, Islam, & Razzaque, 2018).
Key Terms in this Chapter
Cyber Threats: A cyber threat or cybersecurity threat is a harmful act aimed at causing data damage, data theft, or disruption to digital life in general. Computer viruses, data breaches, DoS assaults, and other attack vectors are all examples of cyber dangers.
Risk: The likelihood of anything unpleasant occurring. Uncertainty regarding the effects/consequences of an activity on something that humans value, with a concentration on negative, unwanted outcomes, is referred to as risk.
Cybersecurity Risk: Cybersecurity risk refers to the possibility of being exposed, losing vital assets and sensitive information, or suffering reputational damage as a result of a cyberattack or breach within an organisation's network.
Cyber Attack: A cyber-attack is a cybercriminal attack that uses one or more computers to target a single or numerous computers or networks. A cyber-attack can be used to intentionally disable machines, steal data, or launch additional attacks from a compromised computer.
Cybersecurity: The practice of securing systems, networks, and programs from digital threats and attacks is known as cybersecurity. These cyberattacks are typically aimed at gaining access to, altering, or destroying sensitive data, extorting money from users, or disrupting normal corporate activities.
Risk Management Framework: Organisations utilize the Risk Management Framework as a blueprint and guideline for identifying, eliminating, and minimizing risks. It establishes a road map of activities and objectives relevant to risk (cybersecurity risk) management's primary duties.
Risk Management: It entails assessing risks and vulnerabilities, as well as taking administrative and thorough measures to ensure that a business is effectively secured. Traditional risk management principles are applied to digital systems and infrastructure in cybersecurity risk management.
Risk Assessment: Risk assessment is the process of determining what dangers are present in the workplace or may develop in the future. A risk assessment identifies which dangers in the workplace are most likely to harm employees and visitors.