Cyber risk management: Theories, frameworks, models, and practices

Cheryl Ann Alexander, Lidong Wang

Article ID: 3118
Vol 3, Issue 1, 2025
DOI: https://doi.org/10.54517/cte3118
Received: 2 December 2024; Accepted: 7 March 2025; Available online: 14 March 2025; Issue release: 31 March 2025


Download PDF

Abstract

Cyber risks have been a major concern even if more advanced technologies have been used to deter or mitigate cyberattacks. Much research has been conducted in the areas of cyber risks and cybersecurity. Handling cyber risks needs the specific support of the theories, frameworks, and models of cyber risk management. This paper introduces theories for managing cyber risks, frameworks for handling cyber risks, models for managing cyber risks, and cyber risk management and practices. Cyber risk management and threat intelligence provide their technologies and standards. Healthcare organizations must provide robust cybersecurity procedures. Big data analytics, artificial intelligence (AI)/machine learning (ML)/deep learning (DL), etc., have thus far offered significant advances in cybersecurity for healthcare agencies. This paper will also present a case study of managing cyber risks, which will demonstrate how successful these theories, frameworks, models, and practices have been in healthcare. This paper is not a more in-depth qualitative or quantitative analysis but focuses on identifying, justifying, and describing certain key issues regarding cyber risks.


Keywords

cybersecurity; cyber risks; deep learning (DL); game theoretic approach (GTA); goal and effect (G&E) model; threat intelligence; healthcare


References

  1. MITRE Corporation. MITRE systems engineering guide—risk identification. MITRE Corporation; 2021.
  2. National Institute of Standards and Technology (NIST). Security and privacy controls for information systems and organizations (NIST Special Publication 800-53, Revision 5). NIST; 2020.
  3. Öbrand L, Holmström J, Newman M. Navigating Rumsfeld’s quadrants: A performative perspective on IT risk management. Technology in Society. 2018; 53: 1-8. doi: 10.1016/j.techsoc.2018.09.009
  4. Gonzalez-Granadillo G, Menesidou SA, Papamartzivanos D, et al. Automated Cyber and Privacy Risk Management Toolkit. Sensors. 2021; 21(16): 5493. doi: 10.3390/s21165493
  5. Kamiya S, Kang JK, Kim J, et al. Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics. 2021; 139(3): 719-749. doi: 10.1016/j.jfineco.2019.05.019
  6. Martins AM, Moutinho N. Stock-Term market impact of major cyber-attacks: Evidence for the ten most exposed insurance firms to cyber risk. Finance Research Letters. 2025; 71: 106361. doi: 10.1016/j.frl.2024.106361
  7. Wu ZM, Luo J, Fang X, et al. Modeling multivariate cyber risks: deep learning dating extreme value theory. Journal of Applied Statistics. 2023; 50(3): 610-630. doi: 10.1080/02664763.2021.1936468
  8. Sun P, Wan Y, Wu Z, et al. A survey on privacy and security issues in IoT-based environments: Technologies, protection measures and future directions. Computers & Security. 2025; 148: 104097. doi: 10.1016/j.cose.2024.104097
  9. Kandasamy K, Srinivas S, Achuthan K, et al. IoT cyber risk: a holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process. EURASIP Journal on Information Security. 2020; 2020(1). doi: 10.1186/s13635-020-00111-0
  10. Akinwumi DA, Iwasokun GB, Alese BK, et al. A review of game theory approach to cyber security risk management. Nigerian Journal of Technology. 2018; 36(4): 1271. doi: 10.4314/njt.v36i4.38
  11. Zarreh A, Wan H, Lee Y, et al. Risk Assessment for Cyber Security of Manufacturing Systems: A Game Theory Approach. Procedia Manufacturing. 2019; 38: 605-612. doi: 10.1016/j.promfg.2020.01.077
  12. Sharma BB, Kumar R, Sharma R. Enhancing Smart Grid Efficiency: The Role of IoT Blockchain and Fuzzy Set Theory. In: Optimization, Machine Learning, and Fuzzy Logic: Theory, Algorithms, and Applications. IGI Global Scientific Publishing; 2025. pp. 261-296.
  13. Li T, Sun J, Fei L. Dempster-Shafer theory in emergency management: a review. Natural Hazards. 2025; 1-28. doi: 10.1007/s11069-024-07096-w
  14. Ksibi S, Jaidi F, Bouhoula A. A Comprehensive Study of Security and Cyber-Security Risk Management within e-Health Systems: Synthesis, Analysis and a Novel Quantified Approach. Mobile Networks and Applications. 2023; 28(1): 107-127. doi: 10.1007/s11036-022-02042-1
  15. Shankar DD, Azhakath AS, Khalil N, et al. Data mining for cyber biosecurity risk management – A comprehensive review. Computers & Security. 2024; 137: 103627. doi: 10.1016/j.cose.2023.103627
  16. National Institute of Standards and Technology (NIST). The NIST privacy framework: A tool for improving privacy through enterprise risk management. NIST; 2020
  17. Facchinetti S, Osmetti SA, Tarantola C. A statistical approach for assessing cyber risk via ordered response models. Risk Analysis. 2024; 44(2): 425-438. doi: 10.1111/risa.14186
  18. Kia AN, Murphy F, Sheehan B, et al. A cyber risk prediction model using common vulnerabilities and exposures. Expert Systems with Applications. 2024; 237: 121599. doi: 10.1016/j.eswa.2023.121599
  19. Ahn MK, Kim YH, Lee JR. Hierarchical Multi-Stage Cyber Attack Scenario Modeling Based on G&E Model for Cyber Risk Simulation Analysis. Applied Sciences. 2020; 10(4): 1426. doi: 10.3390/app10041426
  20. Preston WC. Modern data protection. O'Reilly Media, Inc.; 2021.
  21. National Institute of Standards and Technology (NIST). Risk management framework for information systems and organizations: A system life cycle approach for security and privacy (NIST Special Publication 800-37, Revision 2). NIST; 2018.
  22. El Amin H, Samhat AE, Chamoun M, et al. An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure. Journal of Cybersecurity and Privacy. 2024; 4(2): 357-381. doi: 10.3390/jcp4020018
  23. Chiaradonna S, Jevtić P, Lanchier N. Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach. Risk Analysis. 2023; 43(12): 2450-2485. doi: 10.1111/risa.14127
  24. Walshe N, Ryng S, Drennan J, et al. Situation awareness and the mitigation of risk associated with patient deterioration: A meta-narrative review of theories and models and their relevance to nursing practice. International Journal of Nursing Studies. 2021; 124: 104086. doi: 10.1016/j.ijnurstu.2021.104086
  25. Samhan B. Can cyber risk management insurance mitigate healthcare providers’ intentions to resist electronic medical records? International Journal of Healthcare Management. 2020; 13(1): 12-21. doi: 10.1080/20479700.2020.1412558
  26. Shanmugavelu R, Ravi V. Enhancing Security in Healthcare Frameworks using Optimal Deep Learning-based Attack Detection and Classification for Medical Wireless Sensor Networks. Engineering, Technology & Applied Science Research. 2025; 15(2): 21197-21202. doi: 10.48084/etasr.9741

Refbacks

  • There are currently no refbacks.


Copyright (c) 2025 Author(s)

License URL: https://creativecommons.org/licenses/by/4.0/
Guidelines
For authors For reviewers For editors
Useful Links
Crossref Similarity Check Creative Commons
About
About the publisher Other journals Contact
©Copyright 2019 - 2025 by Asia Pacific Academy of Science Pte. Ltd. All Rights Reserved
Privacy Policy Open Access Disclaimer