Stakeholders' perspectives on factors influencing the operationalisation of cyber resilience – A financial services case study

Thesis / Dissertation

2025

Permanent link to this Item
http://hdl.handle.net/11427/41459
Files
thesis_com_2025_adams asterico benjamin.pdf (1.75 MB)
Authors
Adams, Asterico Benjamin
Supervisors
Chigona, Wallace
Sowon Karen
Journal Title
Link to Journal
Journal ISSN
Volume Title
Publisher
Publisher

University of Cape town

Department
Department of Information Systems
Faculty
Faculty of Commerce
License
Series
Abstract
Background: Cyber resilience provides organisations with the ability to continuously deliver business services during an adverse cyber event. However, due to the multidisciplinary and diverse operational requirements needed for cyber resilience, the operationalisation of such a concept can introduce layers of complexity within an organisation where operationalisation is dependent on multiple stakeholders. It is therefore imperative to understand stakeholder perspectives and how it contributes to successful cyber resilience operationalisation. Purpose of the research: The objective of the study is to identify the factors that influence cyber resilience operationalisation from a stakeholder perspective and to explain how these factors impact the operationalisation of cyber resilience within an organisation. Design/Methodology/Approach: The study employed qualitative methods and was guided by Linkov and Kott's cyber resilience matrix framework which breaks down cyber resilience to various phases, presented as a continuum: plan, absorb, recovery and adapt. A financial services organisation in the Western Cape was used as the case study and purposive sampling was used to identify and interview stakeholders within the financial services organisation and gain insight into their perspectives regarding cyber resilience. Findings: The study underlined the influence of risk appetite and business requirements as factors in the plan phase, while the importance of data protection and adequacy of resilient system testing emerged as factors that influence the absorb phase. The impact of recovery time on business operations and data integrity were highlighted as key factors during the recovery phase. The impact of artificial intelligence, post incident review discussions and training and awareness were highlighted by stakeholders as important factors during the adapt phase. Overall, the findings show that these factors had an impact on the organisational priorities, resource availability, internal and external organisational considerations and on the need for continuous improvement of cyber resilience processes within the organisation. Practical implications: The findings of this study highlight how these identified factors impact operationalisation considerations from a stakeholder perspective and how these considerations impact the cyber resilience readiness of the organisation. Originality/Contribution: This study contributes to the research on the factors that play a role in cyber resilience operationalisation from a stakeholder perspective within a South African organisation and provides empirical evidence of how these factors impact the phases of cyber resilience. The outcome of this study can be used as a comparison against other industries.
Description
Keywords
Information Systems

Reference:

Adams, A.B. 2025. Stakeholders' perspectives on factors influencing the operationalisation of cyber resilience – A financial services case study. . University of Cape town ,Faculty of Commerce ,Department of Information Systems. http://hdl.handle.net/11427/41459

Collections
Masters