| Constructs | Measurement items | Adapted source |
|---|---|---|
| Potential Business Interruption Awareness (PBIA) | I am updated in terms of threats related to business interruption (PBIA1) | Yang et al. (2020) |
| | I understand the risk of incidents related to business interruption (PBIA2) | |
| Potential Reputational Damage Awareness (PRDA) | I am updated in terms of threats related to reputation damage (PRDA1) | Yang et al. (2020) |
| | I understand the risk of incidents related to reputation damage (PRDA2) | |
| Cyber Risk Governance Strategies and Policies (CRGSP) | Our (investments in) policies are clear and appropriate (CRGSP1) | Kanwal et al. (2022) |
| | Our (investments in) procedures cover all the aspects of cyber risk in accordance with the required regulations (CRGSP2) | |
| | Our (investments in) procedures are reviewed and updated for addressing new vulnerabilities (CRGSP3) | |
| Cyber Security Training (CST) | Our organisation regularly holds training programme for employees (CST1) | Kanwal et al. (2022) |
| | Training that is carried out by our organisation covers critical aspects of cyber risk (CST2) | |
| Cyber Risk Control (CRC) | Our (investments in) IT and OT systems/equipment are designed and maintained to provide maximum protection (CRC1) | Kanwal et al. (2022) |
| | The software for the systems is kept up to date (CRC2) | |
| Cyber Risk Insurance (CRI) | My organisation is committed to supporting efforts in adopting cyber risk insurance for managing cyber risks (CRI1) | Ogbanufe et al. (2021) |
| | The use of cyber risk insurance for managing cyber risks is important to our organisation (CRI2) | |
| Perceived Effectiveness of Cyber Resilience (PECR) | Cyber risk (strategies) implementation can largely improve performances (cyber resilience) (PECR1) | Kanwal et al. (2022) |
| | Our organisation (invests) in effective measures to remain operational even if we lose access to a critical digital asset (PECR2) | |
Source(s): Authors