Catalogue Search | MBRL
756,085 result(s) for "Cybersecurity"
Automotive Cybersecurity: A Survey on Frameworks, Standards, and Testing and Monitoring Technologies
by Popescu, Aurelian; Kifor, Claudiu Vasile in Automobile industry, Automobile safety, automotive
2024
Modern vehicles are increasingly interconnected through various communication channels, which requires secure access for authorized users, the protection of driver assistance and autonomous driving system data, and the assurance of data integrity against misuse or manipulation. While these advancements offer numerous benefits, recent years have exposed many intrusion incidents, revealing vulnerabilities and weaknesses in current systems. To sustain and enhance the performance, quality, and reliability of vehicle systems, software engineers face significant challenges, including in diverse communication channels, software integration, complex testing, compatibility, core reusability, safety and reliability assurance, data privacy, and software security. Addressing cybersecurity risks presents a substantial challenge in finding practical solutions to these issues. This study aims to analyze the current state of research regarding automotive cybersecurity, with a particular focus on four main themes: frameworks and technologies, standards and regulations, monitoring and vulnerability management, and testing and validation. This paper highlights key findings, identifies existing research gaps, and proposes directions for future research that will be useful for both researchers and practitioners.
Journal Article
Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview
2022
Businesses are reliant on data to survive in the competitive market, and data is constantly in danger of loss or theft. Loss of valuable data leads to negative consequences for both individuals and organizations. Cybersecurity is the process of protecting sensitive data from damage or theft. To successfully achieve the objectives of implementing cybersecurity at different levels, a range of procedures and standards should be followed. Cybersecurity standards determine the requirements that an organization should follow to achieve cybersecurity objectives and facilitate against cybercrimes. Cybersecurity standards demonstrate whether an information system can meet security requirements through a range of best practices and procedures. A range of standards has been established by various organizations to be employed in information systems of different sizes and types. However, it is challenging for businesses to adopt the standard that is the most appropriate based on their cybersecurity demands. Reviewing the experiences of other businesses in the industry helps organizations to adopt the most relevant cybersecurity standards and frameworks. This study presents a narrative review of the most frequently used cybersecurity standards and frameworks based on existing papers in the cybersecurity field and applications of these cybersecurity standards and frameworks in various fields to help organizations select the cybersecurity standard or framework that best fits their cybersecurity requirements.
Journal Article
The Disclosures of Information on Cybersecurity in Listed Companies in Latin America—Proposal for a Cybersecurity Disclosure Index
by Gómez Miranda, María Elena; Vartika; Ramírez, Maricela in Annual reports, Content analysis, Cooperation
2022
For the corporate sphere, cybersecurity becomes an inescapable business responsibility, and accountability becomes a way of providing trust and ensuring resilience against cyber risks and high-impact cyber threats. The purpose of this study was to create a disclosure index that allows analysis of the scope of the disclosure of voluntary and mandatory cybersecurity information. The content analysis technique used focuses on the examination and identification of the cybersecurity information revealed in the annual reports and the 20 F annual forms of the companies with the highest stock market prices in Argentina, Brazil, Chile, Colombia, Mexico, and Peru during the period of 2016–2020. Longitudinal analysis indicates an increase over time in the disclosures and scope of information. The findings highlight that the country with the highest related disclosure is Argentina; the most extensive disclosures are due to the financial sector; and the strategy dimension represents the greatest weight in the index score. The study provides a novel instrument for measuring the content of disclosure on cybersecurity that is applicable in any specific context. In this case, the scope of disclosure in Latin America—a region which, according to our research, does not have previous studies on the subject—is evaluated.
Journal Article
From awareness to influence: toward a model for improving employees’ security behaviour
2021
This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program to extend beyond awareness to influence and behaviour change. This paper presents an in-depth case study of Telstra, a leading Australian telecommunication company with a well-resourced and mature cybersecurity influence program that evolved as a result of experience throughout the years. The paper adopts the psychological attachment theory to explain strategies (e.g. cybersecurity champion) implemented by Telstra influence team to influence employees to improve their security-related behaviour. The contribution of this paper represents the first step for a comprehensive practice-based guidance for organisations on how to transform their cybersecurity beyond awareness to influence behavioural change. This paper is based on both academic and industrial perspectives, and it provides a sound basis for future empirical work.
Journal Article
Organizational Learning from Cybersecurity Performance: Effects on Cybersecurity Investment Decisions
2024
IS literature has identified various economic, performance, and environmental factors affecting cybersecurity investment decisions. However, economic modeling approaches dominate, and research on cybersecurity performance as an antecedent to investments has taken a backseat. Neglecting the role of performance indicators ignores real-world concerns driving actual cybersecurity investment decision-making. We investigate two critical aspects of cybersecurity performance: breach costs and breach identification source, as antecedents to cybersecurity investment decisions. We use organizational learning to theorize how performance feedback from these two aspects of cybersecurity breaches influences subsequent investment decisions. Using firm-level data on 722 firms in the UK, we find that higher breach costs are more likely to elicit increases in cybersecurity investments. This relationship is further strengthened if a third party identifies the breach instead of the focal firm. We contribute to the literature on cybersecurity investments and incident response. The findings stress the need for firms to analyze aspects of their cybersecurity performance and use them as feedback for investment decisions, making these decisions data-driven and based on firm-specific needs.
Journal Article
The role of artificial intelligence (AI) in improving technical and managerial cybersecurity tasks’ efficiency
2024
Purpose
Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate the role of AI in automating many of the routine tasks associated with cybersecurity. As such, AI enables cybersecurity personnel to reduce their workloads and focus on more strategic aspects of their work.
Design/methodology/approach
This study is an exploratory field study. The authors started by conducting a literature review to assess the possibility that AI tools can provide and how they can improve cybersecurity efficacy. Following this, the authors identified the specific core tasks for two cybersecurity work roles (technical and managerial) and searched for specific commercial tools that can perform each of the tasks. Then, the authors used the free ChatGPT 3.5 to list the current cybersecurity systems that use AI for the associated tasks, which the authors then reviewed with the tools’ documentation and websites to confirm these tasks were conducted or assisted by AI.
Findings
Results indicated that all 14 cybersecurity tasks of the technical work role are currently noted to be performed by commercial cybersecurity systems with AI-integrated capabilities, while only 11 of the 17 managerial work role tasks currently appear to be performed by AI.
Practical implications
The rapid integration of AI capabilities into commercial cybersecurity systems may suggest that the cybersecurity workforce must be currently trained on how to use AI tools in their daily operations, especially as it pertains to technical cybersecurity work roles.
Social implications
The cybersecurity workforce shortage is reported to exceed four million cybersecurity workers worldwide in 2023. Thus, further understanding of the role of AI in improving the efficiency of technical and managerial cybersecurity tasks is significant.
Originality/value
The value of this research lies in the initial assessment of the current AI capabilities of commercial cybersecurity systems, which will ultimately provide the “super-human” performances resulting from human-AI teaming.
Journal Article
A test environment for evaluating the cybersecurity of building automation
2025
The increasing digitisation of building automation and control systems (BACS) has led to a greater demand for robust cybersecurity measures. This paper describes a test environment developed to evaluate the cybersecurity of BACS. It includes various protocols, such as BACnet, KNX and DALI, as well as secure protocols like BACnet/SC. The test environment enables BACS security to be assessed under realistic operating conditions. A hackathon conducted in this environment identified critical vulnerabilities, including command injection, hardcoded credentials and denial-of-service risks. These findings emphasise the urgent need for enhanced security measures in BACS installations and highlight the importance of collaboration between IT and OT teams to ensure secure deployments.
Journal Article
Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment
by Neri, Martina; Niccolini, Federico; Martino, Luigi in Attitudes, Communication, Communications technology
2024
Purpose
Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.
Design/methodology/approach
This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.
Findings
Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.
Originality/value
Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.
Journal Article
Integrating cost–benefit analysis into the NIST Cybersecurity Framework via the Gordon–Loeb Model
by Loeb, Martin P; Gordon, Lawrence A; Zhou, Lei in Cost benefit analysis, Cybersecurity, Investments
2020
The National Institute for Standards and Technology (NIST) Cybersecurity Framework has rapidly become a widely accepted approach to facilitating cybersecurity risk management within organizations. An insightful aspect of the NIST Cybersecurity Framework is its explicit recognition that the activities associated with managing cybersecurity risk are organization specific. The NIST Framework also recognizes that organizations should evaluate their cybersecurity risk management on a cost–benefit basis. The NIST Framework, however, does not provide guidance on how to carry out such a cost–benefit analysis. This article provides an approach for integrating cost–benefit analysis into the NIST Cybersecurity Framework. The Gordon–Loeb (GL) Model for cybersecurity investments is proposed as a basis for deriving a cost-effective level of spending on cybersecurity activities and for selecting the appropriate NIST Implementation Tier level. The analysis shows that the GL Model provides a logical approach to use when considering the cost–benefit aspects of cybersecurity investments during an organization’s process of selecting the most appropriate NIST Implementation Tier level. In addition, the cost–benefit approach provided in this article helps to identify conditions under which there is an incentive to move to a higher NIST Implementation Tier.
Journal Article
Enhancing Cybersecurity in Smart Grids: False Data Injection and Its Mitigation
by Hussain, S. M. Suhail; Ustun, Taha Selim; Unsal, Derya Betul in Alternative energy sources, Communications systems, Cybersecurity
2021
Integration of information technologies with power systems has unlocked unprecedented opportunities in optimization and control fields. Increased data collection and monitoring enable control systems to have a better understanding of the pseudo-real-time condition of power systems. In this fashion, more accurate and effective decisions can be made. This is the key towards mitigating negative impacts of novel technologies such as renewables and electric vehicles and increasing their share in the overall generation portfolio. However, such extensive information exchange has created cybersecurity vulnerabilities in power systems that were not encountered before. It is imperative that these vulnerabilities are understood well, and proper mitigation techniques are implemented. This paper presents an extensive study of cybersecurity concerns in Smart grids in line with latest developments. Relevant standardization and mitigation efforts are discussed in detail and then the classification of different cyber-attacks in smart grid domain with special focus on false data injection (FDI) attack, due to its high impact on different operations. Different uses of this attack as well as developed detection models and methods are analysed. Finally, impacts on smart grid operation and current challenges are presented for future research directions.
Journal Article