Abstract
This dissertation examines the organisational factors that predict faster recovery from cyber attacks, synthesising evidence from empirical studies, case analyses, and systematic reviews. As cyber incidents become increasingly prevalent and damaging, understanding what enables rapid restoration of operations represents a critical priority for practitioners and scholars alike. Through a comprehensive literature synthesis, this study evaluates four primary domains: governance quality, organisational architecture and capabilities, supplier relationships, and cyber insurance. The findings reveal that governance quality—operationalised through strong prevention, detection, and recovery controls rather than formal frameworks alone—consistently predicts lower breach severity and faster recovery. Trained, standardised response procedures demonstrably reduce downtime, with evidence suggesting approximately eighteen per cent improvement in response times. External suppliers contribute positively when effectively integrated into organisational playbooks, whilst cyber insurance primarily transfers financial risk rather than accelerating technical recovery. The research concludes that organisations seeking improved cyber resilience should prioritise practical control strength, rehearsed incident response capabilities, and adaptive governance cultures, treating insurance and supplier relationships as complementary rather than central elements.
Introduction
The contemporary digital landscape presents organisations with unprecedented opportunities alongside significant vulnerabilities. Cyber attacks have evolved from isolated technical incidents into sophisticated, multifaceted threats capable of disrupting critical infrastructure, compromising sensitive data, and inflicting substantial financial and reputational damage. The escalating frequency and severity of these attacks necessitates a fundamental shift in organisational thinking—from purely preventative security measures towards comprehensive cyber resilience strategies that enable rapid recovery when breaches inevitably occur.
Organisational resilience in the cyber context encompasses the capacity to anticipate, withstand, recover from, and adapt to adverse cyber events. Unlike traditional security paradigms focused primarily on perimeter defence, resilience acknowledges that complete prevention remains unattainable and emphasises the importance of minimising impact and accelerating restoration when incidents occur. This conceptual evolution reflects broader trends in risk management, where scholars increasingly recognise that organisational survival depends not upon avoiding all disruptions but upon responding effectively when they materialise.
The academic importance of understanding cyber resilience determinants extends across multiple disciplines. Information systems scholars seek to identify technological architectures that facilitate recovery, whilst organisational theorists examine governance structures and cultural factors that enable adaptive responses. Risk management researchers investigate the efficacy of financial instruments such as insurance, and supply chain specialists explore how external partnerships influence recovery trajectories. This interdisciplinary interest underscores the multifaceted nature of cyber resilience as a phenomenon requiring integrated analytical approaches.
Practically, the stakes involved are considerable. The IBM Cost of a Data Breach Report consistently demonstrates that organisations with tested incident response plans and mature security capabilities experience significantly lower breach costs and shorter recovery periods. Regulatory frameworks including the European Union’s Network and Information Security Directive and the United Kingdom’s operational resilience requirements for financial services now mandate demonstrable recovery capabilities, transforming cyber resilience from a discretionary investment into a compliance imperative. For executives and boards, understanding which factors genuinely predict faster recovery enables more informed resource allocation decisions amidst competing organisational priorities.
Despite growing scholarly attention, significant gaps persist in understanding what actually predicts faster recovery. Much existing research focuses on prevention and detection, with recovery receiving comparatively less empirical investigation. Furthermore, practitioner guidance often conflates correlation with causation, promoting investments in particular technologies or insurance products without robust evidence of their recovery-enhancing effects. This dissertation addresses these gaps by synthesising available evidence to identify which organisational factors most reliably predict faster, less damaging recovery from cyber attacks.
Aim and objectives
The overarching aim of this dissertation is to critically evaluate the organisational factors that predict faster recovery from cyber attacks, with particular attention to governance, architecture, supplier relationships, and insurance.
To achieve this aim, the following objectives guide the investigation:
1. To examine the role of governance quality and leadership characteristics in enabling rapid cyber incident recovery.
2. To analyse how organisational architecture, internal capabilities, and response processes influence recovery speed and effectiveness.
3. To evaluate the contribution of external suppliers and strategic partnerships to post-attack recovery outcomes.
4. To assess the extent to which cyber insurance predicts faster recovery, distinguishing between financial and operational resilience effects.
5. To synthesise findings across these domains, identifying the relative importance of each factor and their interactions.
6. To derive practical implications for organisations seeking to enhance their cyber resilience posture.
Methodology
This dissertation employs a literature synthesis methodology, systematically reviewing and integrating findings from diverse academic sources to construct a comprehensive understanding of cyber resilience determinants. This approach is appropriate given the research aim, which requires consolidating evidence across multiple studies rather than generating new primary data.
The synthesis draws upon peer-reviewed journal articles, conference proceedings, and systematic reviews published in reputable information systems, management, and cybersecurity outlets. Source selection prioritised empirical studies offering quantitative or qualitative evidence regarding recovery outcomes, supplemented by conceptual frameworks that inform theoretical understanding. Key sources include large-scale empirical analyses of cyber incidents, case study collections, and systematic reviews of cyber resilience frameworks.
The analytical approach involved categorising sources according to the four focal domains—governance, architecture, suppliers, and insurance—whilst remaining attentive to cross-cutting themes and interactions. Within each domain, evidence was evaluated for consistency, methodological rigour, and practical relevance. Particular attention was paid to distinguishing between factors that correlate with better outcomes and those demonstrably causing faster recovery, acknowledging the limitations inherent in observational research designs prevalent in this field.
The synthesis also incorporated comparative analysis, weighing the relative predictive power of different factors where evidence permitted such assessment. This comparative perspective responds directly to practitioner needs for guidance on resource prioritisation, moving beyond cataloguing relevant factors to evaluating their relative importance.
Limitations of this methodology include dependence upon the quality and comprehensiveness of existing literature, potential publication bias favouring statistically significant findings, and challenges in generalising across diverse organisational contexts and attack types. Nevertheless, literature synthesis represents the most appropriate methodology for addressing the research aim, enabling integration of evidence that no single primary study could provide.
Literature review
### Conceptualising cyber resilience
The concept of cyber resilience has evolved considerably from its origins in ecological and engineering systems theory. Contemporary definitions emphasise not merely the ability to withstand attacks but the capacity for rapid recovery and adaptive learning. This conceptualisation distinguishes resilience from traditional security, which focuses primarily on prevention, and from business continuity, which emphasises maintaining operations during disruptions. Cyber resilience integrates these concerns whilst adding emphasis on learning and improvement following incidents (Annarelli, Nonino and Palombi, 2020).
Systematic reviews of cyber resilience frameworks reveal substantial variation in how different authors operationalise the concept. Estay et al. (2020) identify multiple dimensions including anticipation, resistance, recovery, and evolution, noting that frameworks differ in their relative emphasis on each component. Despite this variation, recovery consistently emerges as a central element, reflecting practical recognition that even well-defended organisations will experience successful attacks. The recovery dimension encompasses technical restoration of systems, operational resumption of business processes, and reputational repair of stakeholder relationships.
### Governance and leadership as recovery predictors
A substantial body of evidence identifies governance quality as a significant predictor of cyber incident outcomes, including recovery speed and completeness. Governance in this context encompasses board oversight, executive leadership, policy frameworks, and the organisational structures through which security responsibilities are assigned and exercised.
Tsen, Ko and Slapničar (2020) provide particularly compelling evidence through their analysis of 1,145 publicly reported cyber incidents. Their study conceptualises cyber resilience from a governance perspective, examining how organisational governance characteristics relate to breach severity and subsequent regulatory investigations. The findings demonstrate that stronger prevention, detection, and recovery processes associate with lower breach severity, suggesting that well-governed organisations experience less damaging incidents from which recovery is consequently easier. Importantly, this study reveals that the formal existence of cybersecurity roles and frameworks does not significantly relate to better outcomes, indicating that governance on paper differs substantially from governance in practice. Real control strength and genuine response capability matter more than documented policies and appointed officers.
Qualitative research extends these findings by identifying specific governance characteristics that enable effective crisis response. Vasudevan, Piazza and Carr (2022) highlight cyber strategy, skilled personnel, clear reporting structures, and effective board-security communication as key non-technical factors supporting resilience. These governance features facilitate rapid decision-making, appropriate escalation, and coordinated response during attacks when time pressure is intense and information incomplete. Their research emphasises that resilience is fundamentally an organisational rather than purely technical phenomenon, requiring alignment across multiple management domains.
Dupont’s (2019) examination of financial institutions introduces the concept of “mindful organising” as a governance characteristic predicting resilience. Drawing upon high-reliability organisation theory, this research identifies preoccupation with failure, sensitivity to operations, commitment to resilience, and deference to expertise as cultural traits enabling effective crisis response. Organisations exhibiting these characteristics engage in continuous sense-making and maintain adaptive capacity under stress, qualities essential for navigating the uncertainty inherent in major cyber incidents. The contrast with compliance-oriented approaches emphasising long checklists is instructive: mindful organising involves active engagement with risk rather than passive adherence to documented procedures.
The governance literature collectively suggests that organisations wishing to improve recovery capabilities should focus less on formal structures and documented frameworks than on developing genuine leadership attention to cyber risk, cultivating adaptive decision-making cultures, and ensuring that response capabilities are regularly tested and refined.
### Organisational architecture and internal capabilities
Beyond governance, organisational architecture—encompassing technical infrastructure, human capabilities, and operational processes—significantly influences recovery outcomes. This domain addresses how organisations structure their resources and routines to enable rapid response and restoration.
Appiah, Amankwah-Amoah and Liu (2020) develop a cyber resilience architecture model derived from analysis of twenty-one case studies. Their framework identifies three critical stages: proactive scanning and threat identification, rapid neutralisation of detected threats, and post-incident redesign and upgrading of human, technological, and financial resources. Organisations that have routinised these stages—embedding them in standard operating procedures and organisational culture—demonstrate superior ability to mobilise expertise and resources during attacks, returning to normal operations more quickly than less prepared counterparts. The emphasis on routinisation is significant: ad hoc responses, however heroic, prove less effective than systematised approaches refined through practice and experience.
Response process training emerges as a particularly important capability predictor. Choi et al. (2023) develop cyber resilience evaluation methods focusing specifically on response time, treating recovery duration as a direct resilience metric. Their evaluation study demonstrates that training and optimisation of response activities can reduce response time by approximately eighteen per cent, representing a substantial improvement with direct operational implications. Standardised procedures for detection, incident response, and system restoration reduce average downtime by minimising confusion, eliminating unnecessary deliberation, and ensuring that appropriate actions occur in proper sequence.
The importance of preparedness receives reinforcement from multiple additional studies. Safitra, Lubis and Fakhrurroja (2023) propose frameworks stressing planning, preparation, and adaptation supported by continuous learning, digital environmental scanning, and rapid resource reconfiguration. Similarly, Annarelli, Nonino and Palombi (2020) emphasise that organisations must develop capabilities across all resilience phases, not merely prevention, to achieve robust and timely recovery. Their managerial framework highlights the interdependence of technical and organisational elements, cautioning against purely technological approaches that neglect human and process dimensions.
Collectively, this literature identifies internal capabilities and processes as proximate predictors of recovery speed. Whilst governance sets strategic direction and cultural tone, architecture and capabilities determine operational execution when incidents occur. Organisations with well-designed technical infrastructures, trained personnel, and rehearsed procedures recover faster than those relying upon improvisation or hoping that prevention will succeed indefinitely.
### The role of suppliers and external partners
Modern organisations rarely possess all capabilities required for effective cyber resilience internally. External suppliers—including technology vendors, managed security service providers, incident response consultants, and legal and communications specialists—potentially augment organisational capacity in ways that accelerate recovery.
Appiah, Amankwah-Amoah and Liu (2020) identify external expertise and alliances as factors enhancing resilience by supplying skills and resources unavailable in-house. Collaboration with relevant networks and third-party providers can improve detection, incident response, and recovery capabilities, particularly for organisations lacking the scale to maintain comprehensive internal teams. The increasing complexity and sophistication of attacks reinforces the value of external partnerships, as few organisations can independently develop expertise across all relevant threat vectors and response domains.
However, the literature suggests that the mere existence of supplier relationships provides limited predictive value for recovery outcomes. What matters is how effectively suppliers are integrated into organisational response frameworks. Perera et al. (2022) examine reputational recovery following cyber incidents, identifying stakeholder response speed and internal coordination as key factors. Achieving rapid, coordinated responses depends substantially upon how well suppliers, incident response firms, and communication teams are incorporated into organisational playbooks and governance structures. Organisations that engage suppliers only after incidents occur, without prior relationship development and process integration, cannot realise the full potential value these partnerships offer.
This evidence suggests that suppliers function as recovery enablers rather than predictors in themselves. Their contribution materialises through governance and architecture: effective supplier management represents a governance competency, whilst integrated supplier capabilities constitute an architectural element. Organisations should therefore consider supplier relationships as components of broader resilience strategies rather than standalone solutions.
### Cyber insurance and recovery outcomes
Cyber insurance has attracted increasing attention as both a risk transfer mechanism and potential resilience enhancer. Proponents argue that insurance incentivises improved security practices through underwriting requirements and premium adjustments, whilst also providing access to expert services during incidents. Critics question whether insurance genuinely improves operational outcomes or merely transfers financial consequences.
Systematic reviews position insurance as a complementary rather than central resilience element. Estay et al. (2020) observe that insurance appears far less frequently in cyber resilience frameworks than detection, incident response, or recovery measures, suggesting that academic and practitioner communities do not view it as a primary determinant of recovery capability. Dupont (2019) similarly treats insurance as one element among many, without privileged status in resilience architecture.
Several studies identify mechanisms through which insurance might indirectly support recovery. Mott et al. (2023) describe how insurance provides an “in-built support network” encompassing forensics, incident response, legal advice, and public relations assistance. This bundled service provision can improve organisational preparedness and post-breach handling, particularly for smaller organisations lacking internal capabilities. Baker and Shortland (2022) examine insurance in the ransomware context specifically, noting that insurers increasingly function as enterprise partners rather than merely financial risk transferors, providing services that support recovery alongside claims payment.
Despite these potential benefits, the evidence does not support insurance as a strong predictor of faster technical recovery. Insurance primarily transfers financial risk, and as Estay et al. (2020) observe, it cannot cover all harms, does not reduce recurrence likelihood, and may inadequately address non-financial impacts such as reputational damage. Sunna et al. (2025) caution against treating insurance as the main resilience strategy given these limitations. Organisations with excellent insurance coverage but weak internal capabilities will still experience protracted recovery periods; the financial protection insurance provides addresses consequences rather than causes of extended disruption.
Emerging quantitative research provides nuanced evidence regarding insurance effects. Huang and Cornell (2025) examine ransomware incidents, finding that higher preparedness—measured via insured exposure and associated services—associates with lower total incident costs. However, the mechanism appears to operate through cost containment rather than demonstrably shorter technical recovery times. Insurance may improve financial outcomes whilst leaving operational recovery unchanged, a distinction with significant practical implications.
The most favourable interpretation of insurance’s resilience contribution recognises that value depends upon implementation. Insurance is most beneficial when it bundles and enforces sound practices—such as multi-factor authentication, endpoint detection and response tools, and response planning—and connects organisations with expert responders. As a standalone financial product divorced from these operational elements, insurance functions as a weak predictor of rapid technical recovery.
Discussion
### Synthesising evidence across domains
The literature synthesis reveals a clear hierarchy among the four domains examined. Governance quality and organisational architecture consistently emerge as the strongest predictors of faster, less damaging recovery. Supplier relationships contribute positively when effectively integrated but lack independent predictive power. Insurance primarily addresses financial rather than operational recovery, with limited evidence of effects on technical restoration speed.
This hierarchy reflects the fundamental nature of cyber resilience as an organisational capability rather than an externally acquired product or service. Recovery speed depends upon what organisations can do when attacks occur—their capacity to detect, contain, investigate, remediate, and restore—rather than upon what they have purchased or whom they have contracted. Governance shapes the strategic attention, resource allocation, and cultural orientation that determine whether genuine capabilities develop. Architecture operationalises this strategic intent through specific structures, processes, and competencies that execute recovery activities. Suppliers and insurance can augment these internal foundations but cannot substitute for them.
The finding that formal governance structures—documented policies, appointed officers, adopted frameworks—do not significantly predict outcomes challenges conventional wisdom and prevalent regulatory approaches. Compliance-oriented thinking assumes that organisations with appropriate formal structures will achieve better outcomes, yet the evidence suggests otherwise. This disconnect likely reflects the difference between governance as symbolic performance and governance as substantive practice. Organisations may adopt structures to satisfy external expectations without genuinely integrating them into decision-making and operations. Regulators and auditors, unable to observe internal realities directly, rely upon formal indicators that may mislead regarding actual capability.
### Implications for resilience theory
These findings contribute to theoretical understanding of organisational resilience more broadly. The emphasis on mindful organising and adaptive capacity aligns with high-reliability organisation theory, which examines how organisations maintain effective performance despite operating in complex, hazardous environments. Characteristics such as preoccupation with failure, sensitivity to operations, and deference to expertise describe organisations that actively engage with risk rather than passively awaiting events. Cyber resilience appears to share these foundations, suggesting theoretical integration across domains including healthcare safety, nuclear operations, and emergency services where similar principles apply.
The importance of routinisation and rehearsal resonates with organisational learning theory, which emphasises that capabilities develop through iterative practice and reflection. Organisations cannot simply design optimal response processes and implement them successfully on first use; capabilities must be developed through exercises, refined based on experience, and maintained through continued attention. This perspective implies that resilience is not a state to be achieved but a capacity to be continuously cultivated.
### Practical implications for organisations
For practitioners, the evidence provides clear guidance on resource prioritisation. Organisations seeking faster recovery should focus investments on developing strong prevention, detection, and recovery controls operationalised through trained, standardised response procedures. Leadership attention should emphasise adaptive culture and decision-making capability rather than compliance documentation. Response processes require regular testing and refinement, with the approximately eighteen per cent improvement in response times demonstrated through training representing a quantifiable return on preparedness investment.
Supplier relationships warrant strategic rather than transactional management. Organisations should identify partners whose capabilities complement internal resources, integrate these partners into response playbooks, and exercise joint procedures to ensure effective collaboration when incidents occur. Ad hoc engagement of suppliers during crises, whilst better than no external support, realises less value than prepared, integrated partnerships.
Insurance decisions should reflect realistic expectations regarding coverage scope and recovery effects. Insurance provides valuable financial protection and, when structured appropriately, access to expert services during incidents. However, organisations should not expect insurance to accelerate technical recovery absent internal capabilities that enable effective use of insurer-provided services. Insurance represents one element of comprehensive resilience strategy, not a substitute for operational preparedness.
### Limitations and caveats
Several limitations merit acknowledgement. The literature upon which this synthesis draws consists predominantly of observational studies, limiting causal inference. Organisations with stronger governance and architecture may differ from weaker counterparts in ways beyond measured variables, introducing potential confounding. The relative scarcity of longitudinal studies examining recovery trajectories constrains understanding of temporal dynamics. Furthermore, publication bias may favour studies reporting significant relationships, potentially overstating effect sizes.
Contextual variation also complicates generalisation. Large organisations with substantial resources face different challenges and possess different capabilities than small and medium enterprises. Critical infrastructure operators subject to stringent regulation operate in different environments than commercial businesses with greater strategic flexibility. Attack types vary substantially, and factors predicting rapid recovery from data breaches may differ from those relevant to ransomware or denial-of-service incidents. Readers should exercise appropriate caution when applying these findings to specific organisational contexts.
Conclusions
This dissertation has critically evaluated the organisational factors that predict faster recovery from cyber attacks, addressing a topic of increasing academic and practical importance. The synthesis of available evidence reveals that governance quality and organisational architecture consistently emerge as the strongest predictors of recovery outcomes, whilst supplier relationships and insurance play complementary rather than central roles.
Regarding the first objective, governance quality substantially influences recovery, but through mechanisms that differ from conventional assumptions. Strong prevention, detection, and recovery controls—operationalised in practice rather than merely documented—predict lower breach severity and better outcomes. Formal governance structures provide limited predictive value absent genuine implementation. Leadership attention, adaptive culture, and effective decision-making processes enable the rapid, coordinated responses that minimise incident duration and impact.
The second objective concerned organisational architecture and internal capabilities. Evidence strongly supports the importance of trained, standardised response procedures, with quantifiable improvements in response times demonstrated through preparedness investments. Routinised processes for threat identification, neutralisation, and post-incident adaptation enable organisations to mobilise resources effectively and return to normal operations quickly.
Addressing the third objective, external suppliers contribute positively to recovery when effectively integrated into organisational response frameworks. However, the mere existence of supplier relationships does not predict better outcomes. Value materialises through integration—incorporating suppliers into playbooks, governance structures, and rehearsed procedures—rather than through contractual relationships alone.
The fourth objective examined cyber insurance, revealing that insurance primarily transfers financial risk rather than accelerating technical recovery. Insurance can provide access to valuable services and may incentivise improved security practices through underwriting requirements. Nevertheless, as a standalone financial product, insurance represents a weak predictor of rapid operational restoration.
Synthesising across these domains addresses the fifth objective, revealing that organisations should prioritise investments in practical control strength, rehearsed incident response capabilities, and adaptive governance cultures. Suppliers and insurance warrant attention as complementary elements but should not be mistaken for substitutes for internal capability development.
The sixth objective sought practical implications, which emerge clearly from the analysis. Organisations should focus on what they can do rather than what they have documented or purchased. Regular testing, refinement of response procedures, and cultivation of mindful organising practices offer more reliable paths to faster recovery than formal compliance or financial risk transfer.
Future research should address several priorities. Longitudinal studies tracking organisations through multiple incidents would illuminate learning processes and capability development trajectories. Comparative research across sectors and organisational sizes would clarify contextual boundaries of current findings. Examination of specific attack types would enable more tailored guidance for different threat scenarios. Finally, research explicitly comparing insured versus uninsured organisations experiencing similar incidents would provide clearer evidence regarding insurance effects on recovery outcomes.
As cyber attacks continue to proliferate and intensify, organisational resilience becomes ever more critical. This dissertation contributes to understanding what genuinely predicts faster recovery, enabling organisations to make more informed investments in their resilience capabilities and supporting researchers in prioritising productive avenues for continued investigation.
References
Annarelli, A., Nonino, F. and Palombi, G. (2020) ‘Understanding the management of cyber resilient systems’, *Computers and Industrial Engineering*, 149, p. 106829. https://doi.org/10.1016/j.cie.2020.106829
Appiah, G., Amankwah-Amoah, J. and Liu, Y. (2020) ‘Organizational Architecture, Resilience, and Cyberattacks’, *IEEE Transactions on Engineering Management*, 69, pp. 2218-2233. https://doi.org/10.1109/tem.2020.3004610
Baker, T. and Shortland, A. (2022) ‘Insurance and enterprise: cyber insurance for ransomware’, *The Geneva Papers on Risk and Insurance – Issues and Practice*, 48, pp. 275-299. https://doi.org/10.1057/s41288-022-00281-7
Choi, S., Youn, J., Kim, K., Lee, S., Kwon, O. and Shin, D. (2023) ‘Cyber-Resilience Evaluation Methods Focusing on Response Time to Cyber Infringement’, *Sustainability*, 15(18), p. 13404. https://doi.org/10.3390/su151813404
Dupont, B. (2019) ‘The cyber-resilience of financial institutions: significance and applicability’, *Journal of Cybersecurity*, 5(1), p. tyz013. https://doi.org/10.1093/cybsec/tyz013
Estay, D., Sahay, R., Barfod, M. and Jensen, C. (2020) ‘A systematic review of cyber-resilience assessment frameworks’, *Computers and Security*, 97, p. 101996. https://doi.org/10.1016/j.cose.2020.101996
Huang, L. and Cornell, K. (2025) ‘From Payer to Protector: the Evolving Role of Cyber Insurance in Ransomware Defense’, *2025 Systems and Information Engineering Design Symposium (SIEDS)*, pp. 506-511. https://doi.org/10.1109/sieds65500.2025.11021152
Mott, G., Turner, S., Nurse, J., MacColl, J., Sullivan, J., Cartwright, A. and Cartwright, E. (2023) ‘Between a rock and a hard(ening) place: Cyber insurance in the ransomware era’, *Computers and Security*, 128, p. 103162. https://doi.org/10.1016/j.cose.2023.103162
Perera, S., Jin, X., Maurushat, A. and Opoku, D. (2022) ‘Factors Affecting Reputational Damage to Organisations Due to Cyberattacks’, *Informatics*, 9(1), p. 28. https://doi.org/10.3390/informatics9010028
Safitra, M., Lubis, M. and Fakhrurroja, H. (2023) ‘Counterattacking Cyber Threats: A Framework for the Future of Cybersecurity’, *Sustainability*, 15(18), p. 13369. https://doi.org/10.3390/su151813369
Sunna, A., Sultana, T., Kshetri, N. and Uddin, M. (2025) ‘AssessCICA: Assessing and Mitigating Financial Losses from Cyber Attacks with Role of Cyber Insurance in Post-Pandemic Era’, *2025 13th International Symposium on Digital Forensics and Security (ISDFS)*, pp. 1-6. https://doi.org/10.1109/isdfs65363.2025.11012092
Tsen, E., Ko, R. and Slapničar, S. (2020) ‘An exploratory study of organizational cyber resilience, its precursors and outcomes’, *Journal of Organizational Computing and Electronic Commerce*, 32, pp. 153-174. https://doi.org/10.1080/10919392.2022.2068906
Vasudevan, S., Piazza, A. and Carr, M. (2022) ‘Qualitative Factors in Organizational Cyber Resilience’, *2022 International Conference on Cyber Resilience (ICCR)*, pp. 1-5. https://doi.org/10.1109/iccr56254.2022.9995762
