Automation in cyber risk management: a literature review of evidence, gaps, and emerging directions / Belli, Antonio; Maunero, Nicolò; Prinetto, Paolo. - 4198:(2026). ( ITASEC & SERICS 2026 - Joint National Conference on Cybersecurity 2026 Cagliari, Italy 09-13/02/2026).
Automation in cyber risk management: a literature review of evidence, gaps, and emerging directions
Belli Antonio; Maunero Nicolò; Prinetto Paolo
2026
Abstract
Organizations that run large or complex ICT infrastructures face a persistent flow of vulnerabilities, alerts, configuration deviations, and regulatory demands. Although risk management standards and security frameworks are widely adopted and generally mature, daily practice still relies on periodic, interview-based assessments that are only weakly connected to operational telemetry and often reflect subjective biases rather than the actual system or organization behavior. At the same time, automation technologies (continuous monitoring, standardized security data formats, and advances in machine learning and language models) are reshaping how security evidence can be collected, normalized, and interpreted. This paper presents a structured literature review of research and practice on automation in cyber risk management, with a focus on risk and governance frameworks; continuous monitoring and “evidence-as-code”; scenario-based methods; human factors such as information overload; alert and decision fatigue; and emerging work on compound/cascading cyber risk. The review consolidates contributions from standards bodies, empirical studies, and recent academic work, and identifies structural gaps, including the weak alignment between telemetry and governance processes, the scarcity of reusable scenario definitions, and the limited availability of simple, explainable models that connect continuous evidence with risk estimation. The paper concludes with future research directions towards integrated, automation-assisted cyber risk governance, particularly for mid-to-large ICT enterprises.

| File | Size | Format | |
|---|---|---|---|
| paper68.pdf (open access). Description: Automation in Cyber Risk Management: A Literature Review of Evidence, Gaps, and Emerging Directions. Type: publisher's version (PDF). License: Creative Commons | 1.06 MB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

