Asila AlHarmali1, Saqib Ali1, Waqas Aman1, Omar Hussain2, 1Department of Information Systems, Sultan Qaboos University, Muscat, Oman, 2School of Business, University of New South Wales, Canberra, Australia
Cyber-Physical Systems (CPS) integrate physical and embedded systems with information and communication technology systems, monitoring and controlling physical processes with minimal human intervention. The connection to information and communication technology exposes CPS to cyber risks. It is crucial to assess these risks to manage them effectively. This paper reviews scholarly contributions to cyber risk assessment for CPS, analyzing how the assessment approaches were evaluated and investigating to what extent they meet the requirements of effective risk assessment. We identify gaps limiting the effectiveness of the assessment and recommend real-time learning from cybersecurity incidents. Our review covers twentyeight papers published between 2014 and 2023, selected based on a three-step search. Our findings show that the reviewed cyber risk assessment methodologies revealed limited effectiveness due to multiple factors. These findings provide a foundation for further research to explore and address other factors impacting the quality of cyber risk assessment in CPS.
cyber risk assessment, Cyber-Physical Systems (CPS), real-time learning, cybersecurity incidents, effectiveness of risk assessment.
