Cybersecurity management system of large enterprises: Probabilistic behavioural model

This article presents an in-depth examination of the behaviours of large enterprises in managing information security, aiming to develop a model that illustrates the relationships between various cybersecurity variables. Conducted between 2022 and the first half of 2023, the study involved 52 significant organizations in the Czech Republic, offering insights applicable across the European Union. Amidst rising cyber threats, the research evaluates the current cybersecurity landscape within commercial and public institutions, analysing vulnerabilities, defence strategies, and compliance across different sectors. Utilizing interviews with security and IT managers, the study employs frameworks and methodologies including the Center for Internet Security controls and Bloom’s taxonomy, to propose a probabilistic model that clarifies the marginal and conditional probabilities of cybersecurity variables. This model aims to support EU regulátory bodies and organizations specializing in cybersecurity services and training. Additionally, the study explores the impact of top management’s cybersecurity education on organizational security levels and the economic aspects of information security management. Despite limitations related to sample size and potential respondent bias, this research contributes to the cybersecurity discourse by offering a comprehensive model that facilitates understanding of the complex interplay of factors affecting information security management in large organizations.