Solving the Missing Link Between Cyber Risk Management and Resilience

Monday, July 20, 2026, 11:00 AM

Session: SOC Poster Session (In-person)

Organizations face growing cyber threats that expose the limitations of traditional risk management approaches focused on prevention. While cyber risk management and cyber resilience are complementary, they are often developed in isolation, leading to overemphasis on short-term mitigation at the expense of long-term adaptive capabilities. This study proposes a conceptual system dynamics model that integrates both domains through the mechanisms of resilience-informed risk management (RIRM) and risk-informed resilience (RIR). Drawing on the capability trap perspective, the model explains how resource allocation between operational activities and capability development shapes organizational cybersecurity performance over time. By capturing the dynamic interaction between preventive and adaptive capabilities across disruption phases, the framework highlights how organizations can escape reactive cycles and achieve more balanced and resilient cybersecurity governance.

Presenter:
Nadia Lorraine Lawal


Download Supplementary Materials