Newswise — LISBON, Portugal (June 20, 2017) – As network technologies reach deeper into our personal, professional, and even political lives, the threats posed by cybersecurity breaches grow in number and degree. In the new study, “Organizational Vulnerability and Cybersecurity Risk to Industrial Control Systems: Developing a Systematic Attentional Framework,” Alberto Zanutto, Sylvain Frey, Karolina Follis, Awais Rashid and Jerry Busby, all from the Security Lancaster Institute, Lancaster University, provide a unique, qualitative analysis for the detection of organizational vulnerabilities.

Dr. Busby will be formally presenting this paper at the June 19-21 conference of the Society for Risk Analysis in Lisbon, Portugal, at the Calouste Gulbenkian Foundation

To determine “how signals of these vulnerabilities can be obtained in a systematic way,” the authors conducted interviews with academics, consultants and security managers. The results gathered indicate that most vulnerability signals are “attentional” in nature, reflecting “biases, gaps and limitations” in the attention that organizations give to the threat of a cyberattack.  More robust technology, the authors suggest, can only help so much when organizational biases emphasize physical security over cybersecurity or minimize cybersecurity threats by denying their probability so managers can avoid professional embarrassment.

This study offers organizations with critical control systems at risk from cybersecurity threats an important corrective to overdependence on technology-only solutions by emphasizing how much organizational biases make cyberattacks possible.


About SRA

The Society for Risk Analysis is a multidisciplinary, interdisciplinary, scholarly, international society that provides an open forum for all those interested in risk analysis. SRA was established in 1980 and has published Risk Analysis: An International Journal, the leading scholarly journal in the field, continuously since 1981. For more information, visit