Developing a Framework for Measuring Organisational Cyber Resilience Against External and Internal Cyber Threats
The British University in Dubai (BUiD)
This dissertation empirically examines the level of resilience and readiness for cyber-risks in public sector organisations within the United Arab Emirates (UAE) to provide managers with a proactive mechanism to improve the cyber-resilience of their organisations. Moreover, the study aims to synthesize the extant literature and identify a new framework that fills the gaps in current practices. The importance of this study stems from the fact that cyber threats are becoming a significant global concern, which makes it important to develop a reliable resilience mechanism to counter cyber threats and risks in UAE public sector organisations. Therefore, the study addressed four distinct challenges in order to develop the framework for the UAE: providing tools for the management, accepting the human factors of cyber-security, exploring the correlation between the risks, and examining the moderating effect of organisational resilience on cyber-risk. Using a positivist/realist philosophy and an inductive approach to the data, the quantitative approach was chosen to quantify the attributes of the study variables with the aim of proving the tested hypothesis. A qualitative analysis would not have allowed this unless the same person carried out the later examination. Having a number or percentage gives the manager a clearer picture. This approach has been successfully used in other research into cyber-resilience. The relevant epistemology and ontology for the research are also explained fully in the methodology section. An online questionnaire was used to gather quantitative data from employees in different UAE public sector organisations. Exploratory factor analysis (EFA) and multiple regression analysis were used to analyse 207 variables. The EFA was used to evaluate the underlying factor structure of a correlation matrix, and to build a theory.
This helped to identify the latent factors underlying the manifest variables, and the relationships between latent and manifest variables. After the EFA, a multilinear regression analysis was used to further examine the study hypotheses that emerged from the factor analysis. The findings suggest that all the public sector organisations in the UAE have a satisfactory level of resilience to potential cyber-threats. There was a high level of awareness among UAE public sector employees of cyber-threats and risks, which could contribute to readiness and resilience to cyber-threats or attacks. This suggests that there may be a relationship between the level of employee awareness and readiness to deal with cyber-threats, and the organisations’ overall resilience and readiness. This study contributes to the literature on cyber-resilience best practices. It provides organisations in the UAE public sector with a conceptual model to enable them to evaluate and identify potential weaknesses in their readiness for and resilience to cyber-threats. The feedback from the pilot study suggests that the specialists spoken to believe that this is one of the first empirical studies to establish a relationship between the level of employee awareness and readiness to deal with cyber-threats, and the level of organisational resilience and readiness in UAE public sector organisations.
framework, cyber threats, cyber resilience, United Arab Emirates (UAE), cyber-risks, cyber-security, UAE public sector