
Image created with Canva
Full book available for PDF download below
Group Leader:
Guro Skari Berger
Group Members:
Kasper Nylander, Markus Børrud Bjørndalen, Almin Dacic, Ebba Bakkerud Andersen, Johan Gimse Valseth, Christin Ylva Emanuelsen, Emil Lie Nesheim-Hauge, Julian Berg & Hilde Rangnes
Supervisor:
Prof. Dr. Bernhard M. Hämmerli
Topic Sponsor and Industry Expert Coach:
Peter Kosel, cyberunity
Abstract: Cybersecurity is often viewed by management as a cost factor, not contributing to economic performance. Historically, various methods have been used to justify cybersecurity expenses. However, emerging trends like “business-focused” and “business-centric” cybersecurity aim to secure management buy-in by integrating security with business goals, enhancing resilience, and driving value creation. These approaches position cybersecurity as an enabler of business performance rather than just a defensive measure.
Business-focused cybersecurity emphasizes regulatory compliance and high-performance teams, while business-centric cybersecurity embeds security into core business processes to support innovation and growth. These strategies are proactive, integrating threat intelligence and workforce training to create a culture of cybersecurity awareness, crucial against sophisticated attacks like double and triple extortion. In an evolving threat landscape, risk management approaches like Enterprise Security Risk Management (ESRM) and the Factor Analysis of Information Risk (FAIR) model help organizations strategically plan and prioritize resources. Emerging technologies such as AI and cloud computing enhance these strategies, improving threat identification and data management. In Industry 4.0, technologies like Cyber- Physical Systems (CPS) and Industrial Internet of Things (IIoT) require robust security measures.
Aligning these technologies with business-focused and business-centric approaches enhances resilience and performance. Overall, this book explores historical and emerging cybersecurity trends, examining their effectiveness in securing management buy-in and enhancing organizational performance. By integrating cybersecurity with business goals and leveraging new technologies, organizations can transform cybersecurity from a cost factor into a strategic asset that drives success in a complex threat landscape.