Abstract
Cyber resilience involves most societal actors, i.e. organizations, individuals, threat actors, governments, insurers, etc., at most levels of organization. Actors are embedded within each other and choose strategies based on beliefs and preferences which impact and is impacted by cyber resilience. The article reviews the literature, attempting to capture the core ingredients of cyber resilience. Non-threat actors seeking to obtain cyber resilience are distinguished from threat actors. Actors have resources, competence, technology, and tools. They make choices that impact the cyber resilience for all actors, including themselves. Cyber resilience relates to cyber insurance through entry requirements or preconditions for cyber contracts, need for various services such as incident response, data gathering, and cover limitations. Cyber resilience is linked to the internet of things which in the future can be expected to simplify life through artificial intelligence and machine learning, while being vulnerable through a large attack surface, insufficient technology, challenging handling of data, possible high trust in computers and software, and ethics.
Highlights
Moore [37] considers the economics of cyber security, accounting for misaligned incentives, information asymmetries, and externalities, which extend beyond technical approaches
That we have considered the actors, levels, beliefs, and preferences relevant for cyber resilience, and what we mean by cyber resilience, let us proceed to consider the resources, competence, technology, tools, and strategies in cyber resilience
The relationship between cyber resilience and cyber insurance further depends on entry requirements or preconditions for signing cyber contracts which impact premiums, the services provided by insurance companies such as incident response, data gathering from claims, and limitations on coverage based on security measures in place
Summary
Resilience has been analyzed extensively within risk analysis, especially related to physical infrastructures [4,9,13]. Knowledge within mature research fields gets more settled into practices, laws and regulations, the education of practitioners, etc. Our knowledge about the factors associated with cyber resilience grows but needs to adapt to rapid changes. Enhancing our understanding of cyber resilience becomes imperative. A mapping of relevant factors is essential
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
