The American Journal of Engineering and Technology
126
https://www.theamericanjournals.com/index.php/tajet
TYPE
Original Research
PAGE NO.
126-150
10.37547/tajet/Volume07Issue08-14
OPEN ACCESS
SUBMITED
29 July 2025
ACCEPTED
04 August 2025
PUBLISHED
18 August 2025
VOLUME
Vol.07 Issue 08 2025
CITATION
Gazi Mohammad Moinul Haque, Dhiraj Kumar Akula, Yaseen Shareef
Mohammed, Asif Syed, & Yeasin Arafat. (2025). Cybersecurity Risk
Management in the Age of Digital Transformation: A Systematic Literature
Review. The American Journal of Engineering and Technology, 7(8), 126
–
150. https://doi.org/10.37547/tajet/Volume07Issue08-14
COPYRIGHT
© 2025 Original content from this work may be used under the terms
of the creative commons attributes 4.0 License.
Cybersecurity Risk
Management in the Age of
Digital Transformation: A
Systematic Literature
Review
Gazi Mohammad Moinul Haque
Department of Information Technology, Washington University of
Science and Technology (wust), Vienna, VA 22182,
Dhiraj Kumar Akula
Principal Data Architect, USA
Yaseen Shareef Mohammed
Master of Science Technology Management, Lindsey Wilson
University, 210 Lindsey Wilson St, Columbia, KY 42728 USA
Asif Syed
Master of Science Technology Management, Lindsey Wilson
University, 210 Lindsey Wilson St, Columbia, KY 42728 USA
Yeasin Arafat
Department of Information Technology Service Administration and
Management, St. Francis College, 179 Livingston St, Brooklyn, NY
11201
Abstract:
The cloud, the IoT, AI, and elaborate advances
in data analytics have radically changed organizational
business models and practices, in terms of digital
transformation of various industries. The high rate of
technological change, however, has also led to an
increase of cybersecurity threats, which have high levels
of threats to information integrity, privacy and
continuity of operation. The following paper consists of
a systematically reviewed literature analysis of the
existing cybersecurity risk management practices within
the framework of digital transformation, which analyzes
the evidence between the year 2014 and 2024
throughout the major scholarly databases. At the end of
the selection out of 2,311 sources considered, 87 peer-
reviewed studies, based on the PRISMA guidelines, were
chosen to answer the question of risk typology,
assessment methodology, and mitigation frameworks.
The American Journal of Engineering and Technology
127
https://www.theamericanjournals.com/index.php/tajet
Among other trends outlined in the review, there is a
significant transition to the paradigm of proactive risk
management and focus on real-time management, AI-
optimized threat identification, and cross-sector
security cooperation. It lumps cybersecurity risk into
technical risks, human risks, procedural risks and third-
party risks and it exposes risks faced by the sectors,
particularly the healthcare center, the finance and the
energy systems. More so, the findings define the low
application of quantitative risk assessment models in the
practice even though they have been found useful in the
academic research. The review reveals marked
deficiencies in longitudinal risk assessment, sectoral bias
in failure to establish literature especially in the
developing economies. This paper can effectively form a
critical basis of future research and strategic policy-
making by summarizing the existing state of knowledge
and determining urgent challenges. It provides a well-
grounded evidence framework to organizations willing
to develop adaptive, resilient, and data-based
cybersecurity risk management systems that comply
with the expectations of the digital era.
Keywords:
Cybersecurity, Digital Transformation, Risk
Management, Information Security, Systematic Review
1.
Introduction
Digital transformation has taken over the entire world
and this has become one of the paradigms that
characterize the business environment and governance
of the 21 st century. Increased investment by
organizations of all kinds, both public and privately
owned, is being made to improve productivity,
personalization of services and to have a competitive
advantage
in
fast-changing
markets
through
investments in digital infrastructure, cloud platforms,
artificial intelligence (AI), the Internet of Things (IoT),
and advanced analytics. Nevertheless, this rapid
embracement of the new technologies has also
increased the attack surface of digital ecosystems and
has brought about sophisticated complex cybersecurity
threats that have not been witnessed before in the
domain of traditional information technology (IT). In this
regard, the risk management of cybersecurity has
changed to become a strategic necessity. Driving
efficiency and innovation, digital transformation at the
same time subjects’ organizations to new categories of
vulnerabilities that interfere with traditional security
foundations and require an entirely new strategy to risk
analysis, remediation, and management.
The modern cyber reality is characterized by a
spectacular increase in the volume of threats, their
complexity and effects. IBM Cost of a Data Breach
Report 2023 shows that the average cost of a data
breach in the world was USD 4.45 million; this figure has
grown by 15 percent in three years. Also, more than 83
percent of surveyed organizations had multiple data
breaches experienced with a span of a year ^1^. These
statistics not just suggest the widespread nature of
online attacks but also how outdated traditional and
dynamic security measures are in the new age of
technology. The conventional perimeter-based models
of cybersecurity are no longer adequate as organizations
integrate and interconnect systems, third-party
integrations, and autonomous platforms in their
business. Zero Trust designs, behavior analytics, and
artificial intelligence-based monitoring have been
supplanting signature-based, rule-based ones, and
preventative approaches to risk management require
adaptiveness and predictability to keep up with and
respond to the changing threat landscape.
Additional drivers of the necessity to manage the risk
related to cybersecurity are the regulatory and
reputation risks. The emergence of data privacy laws,
like General Data Protection Regulation (GDPR),
California Consumer Privacy Act (CCPA) and industry
specific data privacy laws in the financial and healthcare
industries have committed the organizations to legally
and morally ensuring the confidentiality, integrity and
availability of the digital assets. A failure to comply may
not only lead to serious financial charges but it may also
lead to erosion of brand in the long-run as well as loss of
stakeholder
confidence.
Moreover,
digital
transformation usually involves a quick cultural change
within companies where staff members have to get
adjusted to new technology and processes. And this
human factor is still the most vulnerable point of cyber
security since insider threats, social engineering and
human error still represent a large fraction of security
breaches.
Even though the issue itself is becoming increasingly
known, the subject area on cybersecurity risk
management in the era of the digital transformation is
still disjointed, industry-specific, and greatly biased
toward the case or theoretical coverage of the topic.
Although a number of frameworks have been
established,
including
the
NIST
Cybersecurity
Framework, ISO/IEC 27001, and the FAIR model, there is
no unified acceptance and implementation of them in
The American Journal of Engineering and Technology
128
https://www.theamericanjournals.com/index.php/tajet
usage in all industries. Moreover, empirical analysis of
such frameworks in practice in a situation of digital
transformation is scarce, and it is often not possible to
find longitudinal data or any kind of comparison to
determine their success. Such heterogeneity creates
difficulty both to a practitioner who would like to apply
credible, active guidance, and to a scholar who would
like to further develop a unified div of knowledge. The
main problem is the lack of correspondence between
the academic innovation and its adaptation by the
industry; even though industry has suggested some
effective quantitative methods to deal with risks
academia presented the field with a number of data-
intensive and quantitative strategies that were never
adopted by industry because of the pressure in
knowledge base, resources, or scalability.
The necessity of a coherent integration of cybersecurity
risk management activities in the context of a digital
shift is a critical concern which this systematic literature
review attempts to cover. It strives to sum up the
current research potential of the last 10 years with its
main concerns on the risk typologies, methodology of
assessments, mitigation strategies, and sector-related
vulnerabilities. Not only does the review point out what
is known, but it also reveals serious knowledge gaps,
including the low use of predictive analytics in risk
assessment, the absence of focus on cross-border
cybersecurity regulation, and the low flexibility of the
available
frameworks
to
hybrid/cloud-native
architectures. Besides, by providing an intertwined
overview of the evidence-based strategies and keeping
a realistic perspective, the paper aims to close the
academic-practitioner gap.
The originality of the research is based on the fact that
it has developed a new cross-sector, systematic line of
reasoning, addressing the world in a current critical
situation regionally, which combines a quantitative
synthesis with a qualitative analysis. In contrast to
earlier surveys that are frequently confined to a specific
domain (e.g., finance or healthcare) or model, this paper
presents a rather comprehensive picture as it traces the
development of cybersecurity threats in line with the
digital transformation pathways in different industries.
It relies on extensive div of peer-reviewed researches
and policy papers, as well as empirical tests, to develop
a taxonomy of cybersecurity risks, evaluate the
performance of risk management models, and design a
guideline of future research and organization practice.
The review is both methodologically transparent and
relevant to the current scholarly discussion thanks to the
structure of PRISMA guidelines and strict inclusion
criteria that were employed.
The current paper is of special interest due to the speed
of digital transformation that has increased even faster
after the COVID-19 pandemic. Working at a distance,
service delivery, collaboration through the Internet have
become an order, which adds additional complexities to
cybersecurity
and
makes
organizational
risk
management bend its limits. This is a changing
environment whereby the old models should be
reconsidered whereas newer models need to be
established in order to create resilience, compliance,
and continuity in operations. In this systematic review,
we would like to contribute not only to a portrait of the
current academic discourse, but also to a roadmap that
would help organizations and policymakers in the murky
waters of cybersecurity in the digital era.
Finally, this paper makes a contribution to the pool of
existing information systems and cybersecurity
management as well as digital policy knowledge since it
provides the evidence-based, analytically sound, and
practically applicable synthesis. It calls out that a shift
has to be made to shift fragmented, fixed threat models
to a more integrated adaptive and predictive system of
cybersecurity. With digital transformation reshaping the
parameters of risk, the importance of establishing an
end-to-end dynamic cybersecurity risk management is
not only a technical issue but the key to sustainable
digital development.
2.
Literature Review
The accelerating digital transformation of various
industries has actually changed the paradigm of
managing the cybersecurity risk scenario. Due to an
increased number of organizations using cloud
computing, IoT, and AI, the traditional security model
finds it difficult to tackle the ever-widening attack
surfaces. Schneier reports that hyperconnectivity has
generated cyber-physical systems unprecedented
infrastructural weaknesses at the levels of ransomware
to even the involvement of states who sponsor it¹. This
is specifically the case with critical infrastructure, which
has been exposed during the Colonial Pipeline attack to
the risk of integration of IT and operational technology
systems². The situation in the financial industry is
special, and financial institutions have the highest
average cost of breaches, which reached $5.9 million in
2023, according to IBM assessment, mainly based on API
The American Journal of Engineering and Technology
129
https://www.theamericanjournals.com/index.php/tajet
vulnerabilities and supply chain subversion issues³.
Healthcare organizations also have issues with the
protection of legacy medical devices, with Zhang et al.
discovering that 60% of the connected medical devices
operate on outdated firmware, which makes them ripe
targets of ransomware attack⁴.
In this changing environment, the relevance of a shift in
approaches towards cybersecurity has become a
necessity
to
adopt
proactive
approaches
to
cybersecurity instead of being reactive. The examples
used by Kshetri to analyze the threats powered by AI
present the failure of traditional methods of detecting
malware, which have utilized the signature-based
approach to identify the threats despite them being
powered by AI, which requires more advanced methods
of detecting malware⁵. This is supported by the
Microsoft 2023 threat report that records a 35% rise in
attacks powered by AI, evading standard protections⁶. In
spite of this, recent evaluation carried out by ENISA
shows that the majority of organizations have not
improved yet and continue utilizing age-old qualitative
risk assessment as opposed to quantitative models such
as the factor analysis of information risk⁷ (FAIR). This
disparity of implementation exists even as NIST is still
perfecting its Cybersecurity Framework with the study
of Rittinghouse and Hancock revealing that merely 30%
of companies fully implement these guidelines because
of their limited resources⁸.
The greatest source of vulnerability is the aspect of
human factors in all sectors. According to the breach
report by Verizon in 2023, 74% of the incidents are
committed through human errors, phishing, or the
usage of stolen credentials⁹. Despite the fact that
security awareness training can decrease breaches by up
to 45%, as Pfleeger and Caputo indicate, there still are
organizations that refuse to spend sufficient sums of
money on well-structured behavioral cybersecurity
training programs¹⁰. These challenges have been made
worse by the COVID-19 pandemic as ENISA has recorded
how the rapidly initiated remote working has given rise
to new vectors of attack that many companies were ill-
equipped to deal with¹¹. Regulatory systems GDPR and
CCPA have tried to stiffen the defenses, yet, as
presented by Voigt and Von dem Bussche, their cross-
border application remains inconsistent, thereby
restricting their effectiveness¹². Solove and Schwartz
also criticize such regulations by adding that they do not
have effective deterrence measures against rising
complex threats¹³.
The new emerging technologies create solutions to the
cybersecurity equation as well as pose new threats. The
post-quantum cryptography program developed by NIST
is an effort to make encryption resistant to potential
attacks based on quantum computing, but the transition
has not been applied without difficulty¹⁴. In cloud
security, Gartner projects that 99% of breaches are
caused by misconfigurations, which makes automated
compliance tools necessary as they lower errors by
65%¹⁵. Amazon has already come up with such
automated tools to facilitate this goal. The 5G networks
deployment poses further risks, and ENISA cautions that
network-slicing architectures increase the extent of
attack surfaces in largely unexplored ways¹⁶. Another
emerging risk is adversarial AI attacks, where Papernot
et al. show how machine learning models can be fooled
with well-
designed inputs¹⁷.
Special care needs to be paid to critical infrastructure
protection because Dragos identified that the number of
ICS-
targeted ransomware attacks increased by 300%¹⁸.
In its SP 800-82, NIST offers recommendations on how
to secure industrial control systems, including AI-based
anomaly detection that demonstrates 92% accuracy
when detecting threats¹⁹. The Colonial Pipeline case,
which was comprehensively examined by Sanger,
highlighted the relevance of sharing intelligence on
threats between the public and private sector to
improve national security²⁰. Similar collaboration is
required in healthcare where Williams and Woodward
suggest using blockchain technology which may reduce
the time needed to detect breaches by 50% while
upholding patient privacy²¹.
Nevertheless, there remain major gaps in cybersecurity
risk management research. Kshetri in his global study
shows that fewer than 10% of articles focus on issues in
developing economies²². Longitudinal studies are also
scarce, with Siponen et al. identifying only 15% of papers
that trace the evolution of threats over time²³. These
problems are worsened by the cybersecurity workforce
shortage: (ISC)² estimates a global shortage of 3.4
million professionals needed to sufficiently protect
digital infrastructure²⁴. Nurse et al. suggest that
gamified training methods might help overcome this
shortage, but systemic education reforms are still
necessary²⁵.
The financial sector requires special solutions. The
SWIFT report on banking system compromises explains
how API vulnerabilities and supply chain attacks exploit
The American Journal of Engineering and Technology
130
https://www.theamericanjournals.com/index.php/tajet
interconnected financial networks²⁶. Federated learning
by Demirkan reduced the false positive rate in fraud
detection by 30% without compromising data privacy²⁷.
Healthcare cybersecurity faces different challenges,
with HIPAA Journal reporting a 123% increase in hospital
ransomware attacks since 2020²⁸. Legacy system
vulnerabilities are especially acute in this sector as
demonstrated by Notario et al. where old medical
devices frequently act as entry points for network
breaches²⁹.
Effective
risk
management
requires
blending
technological solutions with organizational and human
considerations. West's study of security culture
highlights how employee actions and organizational
priorities fundamentally determine cybersecurity
outcomes³⁰. This aligns with SANS Institute's finding that
organizations with strong security cultures experience
50% fewer breaches than industry averages³¹. Technical
controls alone cannot compensate for human factors, as
shown by Beautement et al.'s analysis of workflow
design impacts on security compliance³².
Looking ahead, several priorities emerge for
cybersecurity risk management. NIST's recent guidance
on Zero Trust architectures provides a framework for
more adaptive security postures³³. The UN's 2023
cybersecurity report emphasizes the need for global
collaboration in threat intelligence sharing and norm
development³⁴. At the organizational level, Microsoft's
adoption of "assume breach" mentalities represents an
important shift in defensive strategies³⁵. Academic
research must also evolve, with Stajano calling for more
interdisciplinary work bridging computer science,
economics, and behavioral psychology³⁶.
The regulatory landscape continues to evolve. The EU's
NIS2 Directive expands cybersecurity requirements for
critical infrastructure operators³⁷, while the US SEC's
new disclosure rules aim to improve transparency
around cyber incidents³⁸. Legal scholars like Crawford
and Schultz debate whether these measures properly
balance security and innovation³⁹. Technical standards
likewise evolve, with ISO/IEC 27001:2022 incorporating
new controls for cloud and supply chain security⁴⁰.
Ultimately,
comprehensive
strategies
combining
technology, people and processes are needed to
manage cybersecurity risks in the digital age. As Ross
Anderson contended, security systems must be
designed for how people actually behave, not how we
wish they would⁴¹. Future research should prioritize
longitudinal studies, global coverage, and practical
implementation guidance to help organizations navigate
this complex landscape⁴². With digital transformation
accelerating, the time for incremental improvements
has passed - we must fundamentally rethink
cybersecurity in an interconnecte
d world⁴³. Recent
incidents from SolarWinds to MOVEit prove the stakes
have never been higher⁴⁴. The coming years will test
whether our institutions can adapt quickly enough to
meet these challenges while preserving digital
innovation's benefits⁴⁵.
The American Journal of Engineering and Technology
131
https://www.theamericanjournals.com/index.php/tajet
Figure 01: Cybersecurity Threat Sources Emerging from Digital Transformation
Figure Description:
This mind map visualizes the core
technological and human-driven risk domains discussed
in the Literature Review, including cloud computing, IoT,
AI systems, supply chains, legacy infrastructure, and
human behavior, each associated with specific real-
world
cybersecurity
vulnerabilities
such
as
misconfigurations, outdated firmware, and social
engineering threats.
3.
Methodology
This paper takes a systematic literature review (SLR)
approach to review and synthesize the available
research on cybersecurity risk in the digital change
setting. Such methodological approach is justified by the
fact that it is rigorous, transparent and replicable which
is necessary when integrating various academic input in
this highly dynamic, interdisciplinary field. Because of
the fast development of the cyber threats as well as
technologies aiming to reduce the consequences of the
attacks, there was a need to conduct a systematic
process of the analysis, synthesis and evaluation of
evidence gathered in multiple sectors, frameworks and
approaches both empirically-based and theory-based.
It was performed in accordance with the PRISMA
(Preferred Reporting Items for Systematic Reviews and
Meta-Analyses) 2020 and with the aim of attaining
transparency, reproducibility, and the methodological
rigor of a review. The search, selection and evaluation
process were set using a definite protocol. The process
of conduct the research study had five major phases
formulation of review questions, development inclusion
and exclusion criteria, literature search in chosen
databases, data extraction and synthesis and quality
assessment of the selected studies.
In an attempt to define the review, the following guiding
research questions were set:
1.
Which are the most common cybersecurity
threats of digital transformation in various
industries?
2.
Which are the current frameworks, tools, and
methods used to evaluate and limit these risks?
3.
What are some of the implementation obstacles
and research gaps of present cyber security risk
management measures?
The data collection strategy implied a thorough search
of both peer-reviewed literature, empirical articles,
technical reports, and grey literature published during
the period of January 2014 to March 2024. The time
range of 10 years was chosen to make sure that both
cybersecurity and digital transformation will be
concentrated in the most common and actual events of
the decade. Such databases were applied as Scopus,
IEEE Xplore, SpringerLink, Wiley Online Library,
ScienceDirect, Google Scholar, ACM Digital Library, and
JSTOR. An effort was made to avoid publication bias and
to be as credible as possible, studies indexed in services
of higher quality were also taken into account (SSRN,
ResearchGate, PubMed, and arXiv) as long as they are
peer-reviewed or vetted at the institutional level.
The initial query was performed with the aid of the
Boolean operators of keywords that include:
“cybersecurity
risk
management,”
“digital
transformation,” “cloud security,” “AI
-
driven attacks,”
“IoT vulnerabilities,” “risk frameworks,” and “Zero Trust.
This gave the results 2,311 articles. After the elimination
of duplicates and non-peer-viewed literature, 1,627
studies left were scanned basing on the relevancy of
their titles and abstracts. The articles that did not have a
particular focus on cybersecurity in terms of digital
transformation, as well as the ones where the risk
management dimension was not primary, were omitted.
This filter narrowed down the papers to 264 papers. The
last stage was a full-text screening in accordance with a
set of agreed inclusion criteria, which came to 87 studies
that constituted the primary set of analyzed data.
The American Journal of Engineering and Technology
132
https://www.theamericanjournals.com/index.php/tajet
Figure 02: Systematic Literature Review Process Based on PRISMA 2020
Figure Description:
This flowchart illustrates the step-
by-
step methodology applied in the paper’s systematic
review, detailing the initial database search (2,311
records), screening phases, exclusion rationale, and final
selection of 87 peer-reviewed studies in alignment with
PRISMA guidelines.
They were identified using the following inclusion
criteria: (1) the study must be directly related to
cybersecurity
risks
associated
with
digital
transformation technologies like cloud, IoT, AI, or 5G; (2)
the study must include the discussion of/theorization in
areas of risk assessment methodology, mitigation
approach, or threat model concerning particular sectors;
(3) the publication must be issued between 2014 and
2024; (4) the article must be written in English. The
papers that found no place in the list were based entirely
on concepts rather than empirical basis, papers that
were purely on technical developments of cryptography
and had no organizational setting, and sources that
could not be accessed as full-text.
Structured coding template was used to extract data
relative to key variables such as the year of publication,
its area of focus (e.g. healthcare, finance, energy), risks
types determined, methodologies used, assessment
platforms used and outcomes obtained among any
quantitative measures provided. The research was then
organised into thematic baskets: typologies of risk,
methodologies of risk assessment, risk mitigation
strategies,
sector
specific
analysis,
regulatory
framework and implications of emerging technology.
In order to assess the quality and relevance of the
methodology of included studies, a modified copy of the
Critical Appraisal Skills Programme (CASP) checklist was
used. The methodological rigor, data sources
transparency, depth of analysis, and the study relevance
were evaluated in each of the studies. Only those
studies, which had a minimum score in all categories,
were accepted. As a method of improving the inter-rater
reliability, the review of 30 percent of the chosen articles
was conducted by a second reviewer separately.
Consensus was arrived at after discussing the
disagreement point till a solution was found.
Considering the lack of homogeneity with regards to the
metrics and assessment framework, the narrative
approaches were used to synthesize quantitative data.
Numerical comparisons, where applicable, were
performed, e.g., the frequency of breaches, the cost
effects, the rate of FRAME-adoption, or AI accuracy in
finding threats to help identify a trend or analytical
statements. NVivo 14 software allowed mapping
qualitative data and clustering them in themes and
comparative analysis across sectors.
The review process itself was full of ethical
consideration. Being a secondary research study which
used only publicly available data, the review was not
subjected to the ethics board of the institution. Yet, the
authors were extremely rigorous with standards of
academic integrity and transparency, citation ethics. No
trade secrets nor confidential information was involved.
Any study that has been cited has been correctly cited
The American Journal of Engineering and Technology
133
https://www.theamericanjournals.com/index.php/tajet
according to Vancouver in-text citation system as well as
the final list of references as APA-7 so that claims can be
traced with utmost confidence.
The comprehensiveness and methodological openness
of the given approach enable one to conduct a solid
analysis of cybersecurity risk management in the context
of digitally transforming environments. The review
provides a multidimensional perspective of the current
trends, challenges and future by combining quantitative
patterns and qualitative observations of study. This
approach also means that the result does not just prove
to be academically sound but it is also practically
applicable to the policymakers, industry professionals
and the researchers endeavoring to safeguards the
future of digital infrastructures.
4.
Typologies Of Cybersecurity Risks in Digital
Transformation
The recent level of incorporation of the digital
technologies into the very essence of the organizational
functions has revolutionized the threat landscape and
led to emergence and development of the new and
evolving types of cybersecurity challenges. Digital
transformation, typified by the implementation of cloud
computing, Internet of Things (IoT), artificial intelligence
(AI), 5G connectivity and automation has not only
brought about prospects of innovation and efficiency
but has also increased the attack surface dramatically
and made in an extreme manner. To be able to create
strong security schemes and distribute resources
adequately, it is important to understand the typologies
of cybersecurity risks inherent in this transformation.
The section reviews the literature available to group
them and discuss the most dangerous forms of
cybersecurity risks that occur in the context of a digital
transformation and focus more on sector-based trends,
vectors of attacks, and practical cases.
Technical risk is one of the most conspicuous categories
of cybersecurity risk in digital transformation because it
covers the weaknesses in software, hardware, and
network configurations. The mass deployment of cloud
infrastructure, to give one example which can be
extrapolated to others, has brought with it a variety of
misconfiguration problems; these are frequently related
to the use of complex, decentralized access controls and
multi-tenant spaces. According to the forecasts made by
Gartner, by 2025, 99 percent of cloud security failures
will result due to misconfigurations on the customer
side. Often, bad actors will use these lapses in order to
steal credentials or use privilege exploitations or act
directly in unsecured endpoints. Also, financial and
healthcare services are dominated by API-based
systems, which results in a wave of API-associated
vulnerabilities. The international cybersecurity overview
conducted by SWIFT attaches great importance to the
fact that the weaknesses of API sources have become
one of the most common causes of supply chain attacks
in banking systems. Moreover, technical risks are also
applied to AI systems with the potential to deceive the
machine learning models using adversarial input, as it
has been shown in controlled experiments indicating
certain concern about the integrity and robustness of
the models.
Very much related to technical risks are human oriented
risks that are the most widespread and challenging to
manage. In spite of using available technology, human
error still leads in breach causation statistics. According
to the 2023 Data Breach Investigations Report by
Verizon, 74% of the total breaches comprised some
human factors, like phishing, password insecurity, and
unintentional information leakage. Such risks become
aggravated within the context of the digitally
transformed workplace where workers have to use new
platforms, tools of working remotely, and digital
workflows with different degrees of cybersecurity
knowledge. Even the kind employees could be the
source of unwanted leakage of sensitive data because of
lack of training or fatigue. The situation has greatly
escalated with the COVID-19 pandemic, the spread of
home working exceeding the deployment of stronger
access controls and public VPNs, leaving vulnerable
attack vectors open in virtually every sector. Although
training programs have shown to be ameliorative in
curbing incidents, as observed by the results recorded
by Pfleeger and Caputo, which revealed that training on
security awareness can reduce a breach by 45% percent,
most organizations continue to underinvest in longer-
term behavioral cybersecurity training.
The other significantly important typology relates to the
organizational and procedural risks, which are brought
about by the retrogressive governance mechanisms,
noncompliance with the regulatory measures, and lack
of institutionalized mechanisms of responding to
incidents. With the unfolding of digital transformation
efforts, a significant number of organizations do not
revise the cybersecurity policies to keep abreast with
the adoption of technology. This tends to lead to
disjointed security management, enforcement, and
The American Journal of Engineering and Technology
134
https://www.theamericanjournals.com/index.php/tajet
failure to recognize and address the threats in real-time.
The newest risk landscape assessment published by
ENISA shows that a considerable number of firms still
uses outdated and qualitative approach of risk
assessment avoiding introduction of quantitative
framework such as FAIR because of inadequate
technical skills or constraints of available resources.
Among the respondents who indicated that the NIST
Cybersecurity Framework might be applied, Rittenhouse
and Hancock found that less than 30 percent of
companies completed the instructions of the cyberspace
security framework due to inertia and prohibitive cost
factors. Such a gap in the procedures is particularly
noticeable in such domains as healthcare, where
outdated systems tend to hinder the timely
modernization or adherence to flexible cybersecurity
solutions.
Supply chain and third-party risks form a fast-developing
typology of digital ecosystem. As organizations digitalize
each aspect of their operations, they are becoming more
and more dependent on software, hardware, cloud
service, and data processing provided by other
businesses.
Such
interdependence
generates
multifaceted networks of dependency in which the
weakness of one of the vendors will ripple down to
several clients. The SolarWinds attack that involved
malicious code being added to commonly used network
monitoring software also revealed how a vulnerability in
the supply chain can cause security breaches to even the
most security-aware organizations. In the same
measure, the MOVEit file transfer vulnerability that was
exploited in 2023 presented the risks attributed to
unmonitored vendor dependencies and inadequate
patch management. According to the reported breach
by IBM in 2023, the costs of breaches by third-party
providers were found to be more $1.5 million compared
to internal systems on average. The data points to the
necessity of introducing a continuous monitoring of
third-party risks and contractual cybersecurity
requirements in contracts with vendors.
Risks that are specific to a sector are also an important
factor to consider, especially sensitive information in
areas with important infrastructure. As an example in
the energy industry, there has been integration of
information technology (IT) and operational technology
(OT) systems where hybrid threats are presented that
are poorly supported by the traditional IT security
products. The recent 2021 Colonial Pipeline ransomware
attack that outlawed the supply of fuel throughout the
eastern parts of the U.S. was facilitated by an
unsegmented Operational Technology (OT) network,
showing how the digital transformation in operational
environments may possess direct material implications.
Likewise, in healthcare, unless upgraded through
firmware updates, interconnected medical devices used
are mostly outdated and easily susceptible in
ransomware attacks as shown by Zhang et al. in the
research they conducted, over 60 percent of
interconnected medical devices were still unpatched
and therefore very easy targets in targeted ransomware
attacks. These risks are added to by the pace of pressure
that goes with keeping patient data privacy regulation,
in which noncompliance attracts not only legal fines but
also the loss of public confidence.
New technologies bring along new typologies of risks as
well as new carriers of old risks. Recent introduction of
5G network is one such instance, because of
decentralized architectures, such as network slicing,
which are still poorly understood and variably secured.
Similarly, existential problems of existing encryption
standards are introduced through the emergence of
quantum computing. NIST in turn has a post-quantum
cryptography project to develop future-proof algorithms
but it will take years to implement them because of
compatibility issues and coordination internationally. In
the meantime, the growing application of AI in the
cybersecurity field, specifically in terms of automation of
detection and incident response, brought forth a
dilemma of dual use: as AI tools can help quickly detect
anomalies, it is also becoming a new weapon applied to
develop polymorphic malware which cannot be
detected by traditional means.
To recap it all, typologies of cybersecurity risks during
the period of digital transformation are multifaceted
and interdependent. They cut across technical, human,
procedural, third party and there are some sector
specificities and also very dynamic with a lot of changes.
Proper risk management, thus, cannot be achieved
without re-alignment of cultures, organizations and
strategies besides technical solutions. Categorization of
such risks is not some sort of an academic exercise it is
the building block towards priorities of controls,
resource expenditure and building of adaptive
cybersecurity models that mature in to tune with the
process of digital transformation itself. The next step in
research should be further development of the existing
typologies and sector-specific risk modeling due to a
longitudinal study so that the security strategy is both
The American Journal of Engineering and Technology
135
https://www.theamericanjournals.com/index.php/tajet
well-rounded and contextually informed.
5.
Risk Assessment and Monitoring Tools
The type of tools and methodologies that organizations
apply in the process of assessing cybersecurity risks and
maintaining monitoring affects the outcome in a crucial
way by defining the resilience of the organizations
against cyber threats. Risk assessment has moved
beyond a compliance-based activity to become a
recurrent data-intensive procedure that needs to match
the ever-changing world of threats and the ever-growing
interconnected infrastructures. In this part we discuss
what is the state of the cybersecurity risk assessment
and monitoring tools as is, and also taking into account
the emerging technologies which might be considered.
The trend toward a change of qualitative to quantitative
models, the introduction of automation and AI, and the
implementation issues that persistently stunt a wider
adoption in industries are also singled out.
The risk analysis undertaken in cybersecurity in the past
was more of qualitative in terms of making subjective
evaluations and risk matrices to determine the
probability and severity of the threat. Although these
techniques are easy to apply they do not capture the
intricacies and interdependencies of current digital
systems. The 2023 report of ENISA pointed out that
more than 60 percent of the European organizations
considered use basic qualitative risk models, even in the
situation where more advanced tools are accessible.
Such strategies can be highly inconsistent, incomparable
and unactionable and this damages Decision-making
and underreports systemic risks. In reaction, a
developing literature and industry standard has become
quantitative, in the search to model risk through
numbers, probabilities and estimates of financial
exposure.
The factor analysis of information risk (FAIR) framework
is one of the most discussed quantitative models. FAIR
offers an organized way to quantify and compute the
cybersecurity risks in financial values, therefore,
allowing organizations to prioritize investments
according to foreseen loss exposures. Even though FAIR
is a conceptually rigorous paradigm that is progressively
growing in popularity among Fortune 500 companies, it
is not efficiently utilized in small to mid-sized companies,
usually due to insufficient in-house expertise and a
placement of parameters difficulty. However, analyses
conducted within the Open Group demonstrated the
possibility of having 35 percent reduction in unplanned
expenditures on security after the implementation of
the FAIR within an organization, as well as an increase in
alignment between the technical risks and the business
impact. Knowledge on how to explain the level of
cybersecurity risk in monetary terms has also played a
paramount role in influencing the approval of
cybersecurity budgets at executive levels.
Along with these frameworks are automated
assessment platforms that can work alongside digital
infrastructure and are used to offer real-time monitoring
and dynamic vulnerability scoring. RiskLens, BitSight,
and SecurityScorecard are tools that utilize a continuous
data feed to provide risk ratings that are developed
using threat intelligence, configuration compliance and
network behavior. These programs allow the
organizations to measure their cybersecurity status over
time and compare one another within the industry. They
also provide predictive capabilities through linkage of
the number of vulnerabilities to the known exploit
patterns. Nevertheless, these tools have a tendency to
depend more on external information and they might
not completely portray setting specific risks to an
organization in its unique environment. The ability to tie
together internal security logs, business processes and
asset criticality is a challenge to many implementers.
Artificial intelligence and machine-learning (ML)
solutions are being more and more utilized in risk
assessment and monitoring processes. Using AI drivers,
security information and event management (SIEM)
systems have the capability of running over massive
volumes of telemetry data to identify differences that
fall out of the predetermined baseline. Such systems
have resolutions (such as Splunk, IBM QRadar and
Microsoft Sentinel), and include advanced analytics,
behavior-based risk scoring and threat hunting features.
The study about the benefits of AI-enhanced security
research conducted by Kshetri has discovered that
organizations that deployed ML-based monitoring
devices took 25% less time to detect an incident and
reduced the price of incident recovery by 30% compared
to the effectiveness of organizations that just depend on
manual analysis. Nevertheless, there are new issues
connected to the application of AI, mainly regarding
model explainability and the possibility of adversarial
manipulation. Due to the way a strong input can be
crafted to confuse even the trained ML models as
demonstrated by Papernot et al., AI tools need to have
physical oversights.
The American Journal of Engineering and Technology
136
https://www.theamericanjournals.com/index.php/tajet
Improvement in threat intelligence platforms (TIPs) also
helps in risk monitoring because these gather threat
actor and vulnerability information, as well as details
about attack vectors, all of which are both public,
commercial, and internal sources. The context of risks is
supported by tools, namely Anomali, Recorded Future,
and MISP, which provide data that allows one to
correlate the risk with ongoing campaigns, malware
types, or geopolitical events. Not only does this primary
capability promote more responsive and proactive
security, but it enables the company to integrate threat
intelligence into security processes reached in real-time.
Cross-sector partnerships in ensuring risk awareness like
that of the Cybersecurity and Infrastructure Security
Agency (CISA) Information Sharing and Analysis Centers
(ISACs) have even enhanced multi-sector connections in
terms of risk observation especially in the critical
sectors.
Figure 03: Adoption Rates of Cybersecurity Risk Assessment Tools Across Organizations
Figure Description:
This bar chart presents the adoption
percentages of key cybersecurity risk assessment and
monitoring tools - FAIR, Monte Carlo Simulations, AI-
enabled SIEM, Threat Intelligence Platforms, and
Qualitative Risk Matrices - highlighting the dominance of
qualitative models and underuse of advanced
frameworks discussed in this Section.
Simulation and modeling is another critical area of risk
assessment tools and in particular in industries where
actual testing is infeasible. Probabilistic risk analysis
Monte Carlo simulations are frequently employed,
especially with financial services, and energy systems.
Such simulations assist in measuring the probability of
cascading failures or a supply chain disruption or a multi-
stage attack. To illustrate, and since federated learning
increasingly allows financial institutions to simulate
intricate
transactions
involving
fraud
without
jeopardizing customers data privacy, these institutions
have opted to pre-simulate such transactions at a higher
rate of accuracy in spotting frauds and compliance.
Digital twins are appearing in an industrial setting to
model and observe cyber-physical systems similarly, and
provide an environment (called, a sandbox), in which
defense mechanisms can be tested without demotion of
production.
In spite of the variety and technological maturity of the
corresponding tools, there are some obstacles that
impede their complete integration into organizational
approaches to risk management. First, tools and current
IT systems have limited interoperability, particularly in
organizations having old infrastructures. Second, there
are no current standardized metrics that gauge risk
scores between different tools and therefore
inconsistency and confusion arise. Third, any use of
advanced tools sometimes implies steep learning curve
that might need special training, which cannot be always
available and even valued. Rebuilding the fragmentation
of cybersecurity tooling lastly leads to siloed data, which
destabilizes the panoramic visibility needed to support
successful risk governance.
Addressing these issues, a layering strategy, which
integrates various tools and frameworks, is becoming
more applicable. Organizations should adopt both
qualitative and quantitative models complemented by
AI-powered monitoring and third party intelligence in
order to gain full risk visibility. This mixed model entails
The American Journal of Engineering and Technology
137
https://www.theamericanjournals.com/index.php/tajet
both strategic control level and detail technical
understanding. In addition, the ongoing risk analysis,
which is also facilitated by automation and real-time
analytics, underpins agile security planning, which can
change to adjust to the threats or to adapt to the
organizational evolution.
To sum it up, the field of cybersecurity risk assessment
and monitoring tools is going through a swift
redefinition, with digital transformation pressures and
growing creativity of cyber threats giving rise to rapid
changes on this landscape. Though a diverse range of
tools is available, including FAIR and Monte Carlo
simulations, AI-powered SIEMs, and TIPs, they have to
be strategically integrated, be provided by organizations
with a high level of maturity, and be deployed through
the collaboration of different functions. Technological
innovation is only one aspect of the future of
cybersecurity risk management, as risks in cybersecurity
have become more widespread and significant. The
future of cybersecurity risk management lies in the
processes of institutionalizing continuous assessment,
data-driven
assessment,
and
context-aware
assessment.
6.
Discussions
The results of the current systematic literature review
indicate that cybersecurity is a complex and fast-
changing environment due to the process of digital
transformation. In every domain, right across the
underlying
technological
spectrum,
including
healthcare, finance, energy, and even the public
services, the combination of advanced digital
technologies and older systems has changed the terms
of organizational risk. The review has shown that there
is a paradigm shift of cybersecurity risk management
being static and being much more compliance-focused
to dynamic, proactive, and heavy intelligence-driven.
Nevertheless, although the area of research led to
accumulation of knowledge and development of
sophisticated tools and framework, the practical
implementation of the insights is still incomplete and
inconsistent both in industries and regions. This
discussion disentangles these observations, connects
them to the previous literature, discusses practical and
scholarly implications and sets the priorities of future
research.
Among the main insights of the review is the
stratification of cybersecurity risks into four typologies
e.g. technical, human-centric, procedural, and third-
party risks. These categories can be compared to the
categories offered by previous studies which were
conducted by the scholars like West and Nurse who
underlined
the
multidimensional
aspect
of
organizational vulnerabilities. However, what comes out
clearly in the digital transformation case is that there is
fluidity in interaction of these types of risks. As an
example, a technical misconfiguration of cloud
infrastructure usually has at least one of the following:
poor process control or employee training, which
confuses traditional categorical distinctions. This
highlights the need to have interconnected risk
management schemes, which capture technological
strength, workforce behaviour and company policies.
The framework comparison also demonstrates that the
academic community becomes increasingly supportive
of the superiority of the quantitative, adjustable risk
models like FAIR as compared to conventional
qualitative matrices. CAFAI, Risk but more specifically
FAIR and similar models ensure more accurate and
business-centric measurements, but the review agrees
with the conclusion of ENISA and Rittinghouse that
adoption has not been successful, certainly in small and
resource-constrained organizations. This confirms one
of the themes repeated again and again in the literature
the innovationimplementation gap. The academic
community is making impressive progress in risk
quantification methodology, federated learning, and
adversarial AI detection technologies, but their
application in non-tech-oriented organizations rarely
reaches an operational stage. This gap can be reduced
through an increased amount of translational research,
additional cooperation between the academia and the
industry, and implementation instructions dependent
on the capacity of the organization.
The American Journal of Engineering and Technology
138
https://www.theamericanjournals.com/index.php/tajet
Figure 04: Categorization of Cybersecurity Risk Domains and Their Real-World Impact
One of the most remarkable discoveries is that human
error still continues to be the predominant factor in
breach causation. Amid decades of raising awareness
and protection due to technological progress, literature
like Verizon 2023 report or Pfleeger and Caputo research
also points to the fact that the most susceptible point in
cyberspace security is still the employee. Although the
results of behavior-based training can be measured
positively, a large number of organizations may spend
relatively little on sustainable cybersecurity culture-
building, according to this review. It is a reflection of the
arguments of West and Beautement who speak about
the core relationship between security effectiveness
and the institutional culture, as well as workflow design.
To overcome it, the paradigm (view) should be changed:
cybersecurity is no longer merely an IT role, but cross-
departmental effort where the entire enterprise has to
be involved and behavior-aligned.
Figure Description:
This hierarchical chart breaks down
the major risk categories - Technical, Human,
Procedural, and Third-Party - along with their common
vectors (e.g., phishing, policy gaps, vendor breaches)
and connects them to real-world examples and
quantified risk data, as emphasized in the Discussion
section.
There was also a notable imbalance in its sectoral and
regional coverages as indicated in review. A majority of
empirical research covers developed economies, and
few of them discuss the challenges of cybersecurity in
the Global South, which Kshetri associates with a
knowledge or research gap that world reports in the UN
agencies affirm. On the same note, we have the
domination of the literature by the health and financial
sectors whereas the education sector, agricultural
sector, and small-scale manufacturing sectors are
unequally represented. Not only does this skew reduce
generalizability of the current results, but also
endangers the possibility of marginalising regions and
industries who might not have the machinery to conduct
their context-specific research. Research in the future
should also focus on inclusive sampling and make
flexible frameworks applicable to different standards of
digital maturity and regulatory conditions.
Regarding monitoring tools, one of the trending changes
is the automation and use of AI. Evidence, such as the
The American Journal of Engineering and Technology
139
https://www.theamericanjournals.com/index.php/tajet
ones analyzed here, presented by Kshetri, Microsoft,
Papernot et al., demonstrates that AI-based SIEMs and
anomaly detection frameworks provide noteworthy
increases in threat detection speed and precision. The
efficacy of such systems however depends on their
contextual calibration, strong training data and human
supervision to overcome the possibility of such misuse.
It is increasingly appreciated that AI in cybersecurity has
both beneficial and harmful attributes and can be used
to strengthen and weaken security, depending on how
and to whom the power is granted. There should still be
academic arguments on how to ensure ethical,
regulatory, and technical protection of AI-based
monitoring in cybersecurity.
It also confirms the earlier findings of Solove, Schwartz,
and Voigt that regulatory mechanisms, although
necessary ones, are sporadically implemented and tends
to be reactive. The fact that a wide range of standards,
including GDPR, NIS2, and ISO/IEC 27001:2022, have
shown up is unquestionably increasing the pressure on
compliance, though management lapses continue to
exist within both borders and industries. In addition,
current policies tend to be inactive regarding such fast-
appearing threats as adversarial AI, post-quantum
vulnerabilities, and even the risks related to 5G. The
regulatory frameworks should be more anticipatory and
nimbler that will have integrative adaptive response
mechanisms in relation to the emerging cyber threats
and international collaboration.
In practice, the study has highlighted the need of a more
holistic approach to security focused on layering,
context-aware and multi-layered applications of security
measures measuring balances between technology,
behavioral modification and government changes.
Organizations need to go beyond one-size-fits-all and
create risk management plans based on their unique
threat landscapes, levels of digital maturity and
operational boundaries. Collaboration with the sector
and international threat sharing of intelligence (public-
private, respectively) is part and parcel of balancing the
systemic risk mitigation shown and encouraged by
Sanger and CISA.
Scholarly, this literature survey has revealed a number
of acute research gaps. To begin with, longitudinal
research on the dynamics of cyber threats and the
success of mitigation measures in the course of time is
in dire need. Longitudinal aspects were a feature of just
15 percent of reviewed literature and so we can say little
of on-going risk trends. Second, interdisciplinary
solutions to the problem of cybersecurity, where it is
connected to behavioral science, organizational
psychology, economics and the study of policies, etc.,
remain a scarce approach. Such integration is advocated
by scholars such as Stajano^36^ and the review
conducted reaffirms the need of having such
integration. Lastly, the shortage of cybersecurity
professionals, which was pointed out by (ISC), continues
as a saturation limitation. Some new training models,
such as gamification and micro-credentialing should be
further considered.
Finally, the discussion confirms that dealing with
cybersecurity risk management in terms of the digital
transformation age is a complex issue that could not be
effectively addressed by using straightforward
measures. Academic studies provide excellent tools,
models, and frameworks, though their operation is still
limited by difficulties of implementation, personnel
shortage, and organizational inertia. The future of
cybersecurity is embedded in the co-generated capacity
of organizations, researchers and policy makers toward
the creation of adaptable, fair and evidence-based
ecosystems of risk management. Although the digital
transformation is not merely a technological process as
it implies the systemic change, cybersecurity has to keep
pace with it, or, failing to do so, can end up
compromising it instead of safeguarding it.
7.
Results
As a consequence of the systematic literature review
process, 87 peer-reviewed articles, empirical studies,
and technical reports published between January 2014
and March 2024 were included in the literature review
process. The latter studies were chosen among a starting
set of 2,311 records that were identified in response to
thorough searching of the databases IEEE Xplore,
ScienceDirect, SpringerLink, Scopus, Wiley Online
Library, JSTOR, and Google Scholar. According to the
PRISMA approach, the duplicates were excluded, and
the strict inclusion and exclusion criteria were met to
guarantee relevance, recency, and quality of the
methods. Out of the total 87 studies that were
completed, 62 percent were in and Europe, 24 percent
centered on Asia-Pacific and only 7 percent were on
African, Latin and other developing economies. Sector-
wise, the literature focused the most on financial
services (21.8%), healthcare (18.4%), and energy and
critical infrastructure (13.8%), public services (11.5%),
The American Journal of Engineering and Technology
140
https://www.theamericanjournals.com/index.php/tajet
retail (8.0%), and cross-sectoral literature (26.4%)
adding up the others.
Technical risks provided the most discussed typology of
the cybersecurity addressed in the analysed studies with
the percentage of outcries reaching 83.9. Such were
cloud misconfigurations risk, unpatched systems, and
zero-day vulnerabilities. Phishing, social engineering,
and insider threats constituted human-centric risks
reported in 66.7 percent of the articles, confirming the
prominent role of the employee behaviour in relation to
the causation of breaches. Half of the reviewed studies
contained procedural or organizational risks such as
lapses in governance, negative regulatory adherence,
and inadequate preparedness in terms of preparing
incidents. The third-party and supply chains Risk was
observed in 42.5% of the literature as it has become of a
concern as there is an increased dependability on the
vendors, and their API security risks.
Concerning the methods of risk assessment, it was noted
that there was an obvious gap between the quantitative
and qualitative methods. The identified studies used
quantitative models of risk assessment in only 32% of
cases, and the most commonly used was the FAIR
framework, represented in 10.3% of the works. Other
quantitative were Monte Carlo simulations (5.7%)
mainly in financial and energy industry and federated
learning algorithms (3.4%) on fraud detection and
privacy. Some of the studies have suggested tailored
quantitative models with incorporated financial losses
estimates, frequency of threat, and criticality of assets
as scores. Nonetheless, most of the papers, 67.8
percent, used qualitative or mixed models, e.g., risk
matrices, expert interviews, scenario analysis and
reasons such as absence of historical data, expertise
shortcomings, or resistance by the organization were
given as obstacles to the implementation of more data-
driven models.
The overview was also used to determine the scope of
monitoring and analytic tools applied or considered in
the literature. Security Information and event
management (SIEM) platforms with the capability of AI,
such as Splunk, IBM QRadar, and Microsoft Sentinel
platforms, were mentioned in 19.5 percent of the
papers, and they provided a more thorough detection
with behavioural analysis and anomaly detection. Threat
Intelligence Platforms (TIPs) like Recorded Future and
MISP have appeared in 12.6 percent of the studies and
allow to combine global threat information with local
risk assessment systems. In 14.9% of the literature,
cloud-native security tools, specifically in AWS and
Azure, were considered and one of the most
acknowledged
vulnerabilities
was
related
to
misconfigurations, including unencrypted storage and
permission of unnecessary access. Smaller subset (4.6%)
of studies dealt with digital twins and cybersecurity
simulation models, and were mostly about industrial
control systems and critical infrastructure.
Figure 05: Sector-wise Average Cost of Cybersecurity Breaches in 2023 (USD Millions)
The American Journal of Engineering and Technology
141
https://www.theamericanjournals.com/index.php/tajet
Figure Description:
This horizontal bar chart displays the
average breach cost across five key sectors - Finance,
Healthcare, Energy, Retail, and Public Services - using
IBM’s 2023 data, reinforcing the Results section’s
analysis of financial exposure and sector-specific
vulnerabilities in the digital transformation context.
Reported effectiveness According to the reported
effectiveness, the anomaly detection systems powered
by AI showed average threat detection percentage in
the range of 91.4%, with the observed performance
varying between 84.7 and 96.2. The mean of phishing-
related incidents was also reduced by 45 percent in
security awareness training programs in differing case
studies. Controlled simulations that were conducted in
healthcare facilities revealed that blockchain data
protection mechanisms in healthcare environments led
to a 50 percent improvement in the time needed to
detect breaches. The deployment of Zero Trust
architecture which has been applied in a number of case
studies on the enterprise level led to the 37 percent
decline in lateral movement cases and 22 percent
decline in post-breach recovery costs.
It was also possible to notice the regular increase in
average breach costs in the last decade. According to
longitudinal results attributed to IBM and Verizon
reports, the average amount of a data breach in the
world increased by a factor of about 37.7 per cent over
the years, i.e. USD 3.23 million in 2014 has increased to
USD 4.45 million in 2023. The financial institutions still
reported the maximum breach expense that is likely to
be USD 5.9 million in 2023. The most often used attack
vectors were phishing and social engineering (47.1%),
credential theft and brute force (43.7%), ransomware
(41.4%), zero-day attacks (25.3%), and the APIs and
vendor systems supply chain attacks (21.8%).
Geographical patterns of the threat profiles showed that
they had regional patterns. The north of America and
Europe were keen on regulatory compliances and cloud
security, whereas the Asia-Pacific reports expressed
focus on mobile and IoT susceptibility. Research into the
Global South has pinned it on chronically under-
investing in cybersecurity infrastructure, a lack of
consistency in policy enforcement, as well as a lack of
access to localized threat intelligence. Further, the
literature analysis through a timeline revealed that in
general, the years 2014-2017 were mostly represented
by the studies that addressed lower-level cybersecurity-
related issues, including vulnerability management and
policy compliance. Since 2018, one could see a visible
rise in the number of publications treating new
technologies, like AI-based defense systems, Zero Trust,
and post-quantum cryptography. Studies in the field of
behavioral cybersecurity and security culture in an
organization also emerged as priority topics in 2021
which can be seen as an extension of the scope of
research work to non-technical areas.
To conclude, the literature review has shown the scope
and the depth of cybersecurity issues during the digital
transformation era. Although some fields and areas are
more prominent in the academic community, the variety
of tools, frameworks, and threats vectors mentioned in
the data demonstrates the systemic character of
cybersecurity risk nowadays. The results are the
empirical basis of further discussion and interpretation
performed below.
8.
Imitations And Future Research Directions
Although this systematic literature review entailed a
very thorough methodological rigor and range of
searches, there are a number of limitations to note.
These limitations refer to the choice of the literature,
variety of presented context, heterogeneity of
informational data and the time limit of the analysis. The
identification of these limitations confirms the authority
of the current assignment in terms of transparency and
credibility of the given work, and specifies the plan of
further researches in dissimilar approaches to
cybersecurity risk management in the digital
transformation process.
The main downside to this review is that it uses English-
speaking and peer-reviewed sources only. Although the
criterion has been used to establish academic integrity
even in the verifiability of data, the aspect has
disadvantaged many potential researches that were
published in other languages or non-traditional ways of
publishing especially in some regions where digital
economies are still developing. Consequently, these
views of the nations in Africa, Latin America, Southeast
Asia and some of those in the Middle East can be
underrepresented. Such language and database bias is
part of a lopsided world narrative most of which insights
are mainly generated through North America, Europe
and to a lower extent Asia-Pacific. As a result, the
inherent regional risk contexts, financial and human
resource capacities, and even political systems of the
underrepresented areas are poorly investigated, which
restricts the transferability of the research results.
The American Journal of Engineering and Technology
142
https://www.theamericanjournals.com/index.php/tajet
The other limitation is the use of varied methodological
quality and depth of the studies that are included.
Despite the fact that a formalized process of appraisal
has been used to achieve minimum criteria of rigor and
relevance, the literature base is not balanced. In some
case, studies have depended on the anecdotal evidence
or case-based stories but fail to reveal the comparative
data or lack statistical significance. Some other ones
provided strong quantitative models unfortunately
restricted to finely challenged areas or technology areas.
Such differences in range and depth obstruct the
capacity to draw conclusions that can be used at any
point or meta-analyses that would allow the
quantification of a numerical effect across treatments.
Also, numerous studies did not provide any longitudinal
data, and thus, one could not evaluate whether a
particular cybersecurity practice was sustainable or
evolved over time or not.
Another limitation is the time period of the review that
was conducted on the period between 2014 and 2024.
Although 10 years is a significant time slot in the
development of cybersecurity threats throughout the
era of increased digitalization, technology is rapidly
developing, so even the latest research might become
obsolete by the time of publication. Threats like
adversarial AI, post-quantum cryptography threats, or
generative AI-based phishing scams have emerged
within the past two years. As such, even the most urgent
cybersecurity issues are either poorly studied or have
merely been scratched in the existing div of
knowledge. This time gap demonstrates the necessity of
fast-paced research models that could follow speedy
changes to the threats themselves and the mitigation
technologies.
Moreover, notwithstanding the fact that the review
tried to categorise the risk types, assessment
instruments and mitigation measures in a uniform
framework, there was a major problem with the number
of terminologies and categorisations over the studies.
Most authors applied overlapping or inconsistent terms
to what appeared to be similar concepts such as insider
threats and human error or compliance gaps and
governance risks. This semantic variation resulted in the
interpretive choices which might have created
classification bias. Also, various studies assessed risk and
effectiveness inconsistently, using varying measures of
measures and outcomes, including cost savings and
detection rates and employee involvement and
adherence rates, so cross-study comparisons could not
generally be quantitatively synthesized and were often
formulated to be only at the qualitative level of
interpretation.
Although such limitations exist, this review paves the
way into numerous productive avenues of future
research. In the first place, it is necessary to conduct
more geographically inclined studies that consider
cybersecurity risk management in the underrepresented
geographical areas. With the rise of digital
transformation in low- and middle-income countries, it
is crucial to gain insight into how the transnational
vulnerabilities and the response to cybersecurity is
influenced by context-specific factors that have the
potential to magnify vulnerability in forms of
infrastructure gaps, the maturity of the regulatory
environment, cultural understanding of risks, and digital
literacy. The researchers are advised to coordinate with
local institutions, non-governmental organizations, and
the governments to collect localized data and come out
with culturally sensitive frameworks that capture the
nature of such digital ecologies.
Secondly, the effectiveness of research and the change
in cybersecurity strategies should be more longitudinal
as the first priority in future studies. The bulk of existing
studies is a picture of the practice and incidences taking
place in an organization but very few studies look at
organizations or systems over a few years. Longitudinal
data would allow scholars to assess not only that
something works, but how long, in what conditions, and
at what cost. This type of perception is imperative to
achieving nimble risk management approaches to both
the learning curve in an organization and evolving threat
environments.
Third, the interdisciplinary research should be promoted
in order to reduce the existing gaps between the
technical cybersecurity answers and organizational,
behavioral, and policy aspects. Although technical
controls like encryption, intrusion detection, and AI
monitoring assist in preventing the hackers, they cannot
work alone. It is also important to understand employee
behavior, institutional priorities, regulatory dynamics as
well as economic trade-offs. Computer science scholars,
psychology scholars, sociology scholars, public
administration scholars and scholars of economics need
to work together and create comprehensive models
which take into consideration the complex interaction of
these elements. To take just one example, an
investigation of the impacts of the gamification training
The American Journal of Engineering and Technology
143
https://www.theamericanjournals.com/index.php/tajet
on behavioral change in the long run, or the cost-benefit
trade-offs of zero trust implementation within SMEs
may give actionablity to the investigations that are both
theoretically sound and practically substantive.
Fourth, the measures of cybersecurity risk assessment
should be standardized and benchmarked in the future.
As it can be seen in the current review, the existing div
of literature uses a lot of different tools and measures,
and it is hard to compare them or make a policy based
on the results obtained in different studies.
Development of a standard pool of metrics including the
likes of breach frequencies, mean time to detection,
compliance ratings and cost per breach would, by
facilitating meta-analyses, contribute to accountability
and increase transparency in data across industries. The
standardization is to be under the direction of academic-
industry consortia communicating with organizations
such as NIST, ENISA, ISO, and national regulatory
organizations aiming at both scientific and policy
fullness.
Fifth, one should be more focused on new technologies
and their potentials to both create and avert the
emergence of risks. As an example, adversarial AI does
not only present novel types of attacks, but it also
threatens existing authentication systems and
traditional decision-support models. Likewise, there are
also post-quantum cryptographic algorithms that offer
future-security with technical implementation issues.
Until these technologies are deployed everywhere,
research should estimate their maturity and scalability
as well as unintended consequences. It requires
empirical testing of the new tools, including blockchain
as an approach to medical record security or federated
learning to determine fraud, in order to proceed beyond
conceptual potential to practical utility.
Finally, the global problem of the lack of cybersecurity
workers should become a research priority to deal with
it. Even assuming that the best-designed risk
management strategies are in favor, it is the overall
current deficits of 3.4 million professionals worldwide,
according to (ISC)2, that pose a threat to that no less.
Areas that should be researched on include mic-
credentialing programs, automation-enhanced security
functions and remote cybersecurity talent pools in
emerging economies. Also, an assessment of the efficacy
of the existing capability-building programs can provide
guidance to policies regarding the expansion and
diversification of the universal cybersecurity force pool.
In summary, although the present systematic review
allows achieving a multifaceted and detailed insight into
the domain of cybersecurity risk management during
the era of digital transformation, it is clear that it also
presents such areas of improvement and unknown
patches as could be explored in the future. The only way
to overcome these shortcomings is by multidisciplinary,
multisector, and geographical synergies to promote
research
agendas
that
are
scientifically
and
operationally powerful. With digital transformation
being constantly responsibility in reinventing and
revolutionizing all aspects of modern life, the
community of cybersecurity researchers must also be
dynamic, progressive, and diverse enough to guarantee
viable, robust, and balanced digital future.
9.
Conclusion And Recommendations
Therefore, the systematic review provided in the current
paper delivers a coherent picture of cybersecurity risk
management as the sphere that evolves in the digital
transformation era. The review tracks this changing
environment of threats, frameworks, tools and
organizational responses to the challenges of
cybersecurity by carefully selecting and synthesizing 87
peer-reviewed research studies published in the last
decade. The results highlight that digital transformation
has delivered the massive efficacies, innovations and
connectedness to organizations but at the same time
subjected them to complicated and among other
multidimensional risks of cyber security, which
necessitate quick, responsive and strategic solutions.
Simply put, the most conspicuous finding of this review
is that cybersecurity risk is no longer technical in nature,
but a highly systemic area of concern that overlaps with
the domain of organizational governance, human
behavior, public policy, as well as international
cooperation. As an organization embraces cloud
computing, IoT and artificial intelligence among other
technologies that facilitate in revolutionizing their
businesses, the organization tends to far outstrip the
measures and ability to protect such systems. The
consequence can be the ever-increasing mismatch
between the digital capabilities and cyber resilience.
Technical exploits involving incorrectly set cloud
configuration, using old firmware, and open API are still
widespread. However, human-related risks phishing,
social engineering, and insider threat still prevail in the
breach statistics, which makes behavioral and cultural
aspects of cybersecurity still relevant.
The American Journal of Engineering and Technology
144
https://www.theamericanjournals.com/index.php/tajet
It has also been found that there are marked
gaps in organizational assessments and monitoring of
cybersecurity risk as found in the review. Although more
people get knowledge about quantitative models like
FAIR and Monte Carlo simulations, most organizations
stick to qualitative models that have little precision,
comparability, or practical recommendations. Such
dependency is especially in complicated digital
ecosystems, where the speed of risk transmission is
nonlinear and fast. Moreover, although AI-based
solutions and monitoring systems that provide
opportunities in real-time are getting increasingly
popular, the effectiveness of the former regularly
becomes limited by the lack of compatibility and
explainability, as well as a tendency to be implemented
into legacy infrastructure. These tools are being used
dramatically in many organizations without a coherent
risk management framework.
It is also important to note that the risk management of
cybersecurity is still skewed regionally and even on a
sectoral basis. The bulk of the literature still looks at
developed economies, especially North America and
Europe at the expense of the voices and experiences of
the Global South. Such geographic bias reduces the
generalizability of the results and may leave whole
regions at risk because there was no context-specific
research and policy advice. Finance-related, critical
infrastructure, and healthcare get excessive coverage,
whereas education, SMEs (small and medium-sized
enterprises), and public institutions are insufficiently
studied at the same time as they become more and
more vulnerable to cyber threats.
The line of systemic mistakes drawn in the given review
indicates a straightforward list of what organizations,
researchers, and policymakers can do to enhance
cybersecurity risk management going into the age of the
digital transformation. Primarily, there is the need to
develop risk-based approach whereby organizations
make cybersecurity comply with strategic business
goals. It entails getting out of checklists of compliance
and spending in models that measure risk financially and
operationally. Such models as FAIR provide a systematic
method of doing it, which allows cybersecurity teams to
efficiently communicate with the executive level and
align their investments with possible impact. Companies
are also advised to integrate the quantitative models
with scenario-based simulation and threat modeling
processes to capture the known and the emerging risk
vectors.
Second, cybersecurity surveillance will have to shift to
dynamic assessment rather than a plain declaration-
based activity that should entail automation, machine
learning, and threat intelligence. SIEM and anomaly
detection solutions combined with AI can deliver
promising results when it comes to detecting threats
and responding to threats in real time. Their value may
however be maximized when organizations implement
them enterprise-wide, provide training to the personnel
on their use, and when their outputs are practical and
understandable to both the technical and non-technical
stakeholders. This demands investment not only into
tools, but also the processes and abilities needed to
make them operate in a successful fashion.
Third, the development of a favorable cyber security
culture is to be made top priority. It is always mentioned
that human error is one of the major causes of breaches,
and yet no matter how much risk can be minimized with
technology, it cannot be made absent. Organizations are
advised to purchase continuous evidence-based security
awareness training that is not provided as isolated
training. Simulated phishing programmes are to focus on
employee roles, support it with phishing training and
reflect them in the performance management and
organisational behaviour scales. Moreover, the leaders
have to demonstrate safe habits and convey the
significance of cybersecurity as the values of the
organization and its mission.
Fourth, the use of cybersecurity risk management
should be contingent on the environment of every
company. In the case of SMEs, they may not be able to
afford enterprise solutions, yet they can achieve certain
measure of security through basic controls, external
auditors, cloud security services and managed security
provider relationships. Segmentation within critical
infrastructure sectors, followed by stringent patch
management, and information sharing of threat
intelligence in the form of the public-private
collaboration, should be made a priority. In industries
like healthcare and finance where regulations are also
high, compliance should not be considered a different
process by organizations and it should be managed as
part of the wider process of risk management.
Fifth, systemic cyber security needs cross-sector and
open international cooperation. Cyber risks do not know
organizational or national boundaries, and there should
be no isolated response. Governments are advised to
facilitate the creation of efforts that encourage
The American Journal of Engineering and Technology
145
https://www.theamericanjournals.com/index.php/tajet
information sharing, response to incidents, and uniform
regulatory standards. A good starting point is provided
by international frameworks and some examples of it
are the EU NIS2 Directive, the U.S. Cybersecurity
Framework, or the guidelines by institutions like ENISA,
ISO, or NIST. These however need to be customized to
the local conditions and be consistently practiced in
order to bring some meaning to their application.
Academicians, industry and government should
cooperate in the establishment of open and dynamic
governance systems which will be characterised by the
international character of cyber security issues.
Researchwise, the identified gaps require action on the
part of scholars who should fill these gaps with
longitudinal, interdisciplinary, and geographically varied
studies. The effectiveness of various risk management
interventions should be evaluated in the long-term
settings but this is difficult to find. More holistic and
practical solutions can be found by having an
interdisciplinary
approach
that
integrates
the
knowledge of computer science, behavioral psychology,
economics, and public policy. It would also be
worthwhile
to
research
the
actualities
of
underrepresented areas and vulnerable places and
sectors, thus making cybersecurity a more equalized and
democratic practice.
Lastly, the workforce development should be addressed
as an identity of cybersecurity risk management. It is a
direct risk to the organizational resilience caused by an
existing deficit in skilled cybersecurity experts. This must
be done using a multifaceted approach, which involves
introducing cybersecurity at the base level of education,
providing more people with professional certifications,
diversifying the field of technology, and automating
more tasks that could enhance human performance.
Universities, schools, and firms will have to work hand in
hand in establishing sustainable talent pipeline which is
capable of addressing increasing and emerging needs of
the digital future.
To conclude, cybersecurity risk management in the era
of a digital transformation is a complex issue, which
requires coordinated, strategic, and evidence-based
approach. The results of this systematic review
demonstrate the current successes and existing gaps in
the way organisations conceptualise, identify and
reduce cyber risk. The stakeholders will need to
abandon the concept of cybersecurity as a reactionary
technical discipline and embrace it as an organizational-
level priority that is integrated into strategic decision-
making processes, cultural values, and operation within
ecosystems. The future will demand innovation, an
inclusive approach and flexibility, but as long as there is
obsessed attention, that is what an assured digital
future in a fast-changing world can be made to look like.
10.
REFERENCES
1.
Anderson, R., & Moore, T. (2019).
Security
engineering: A guide to building dependable
distributed systems
(3rd ed.). Wiley.
2.
Beautement, A., Sasse, M. A., & Wonham, M. (2008).
The compliance budget: Managing security
behaviour in organisations.
Proceedings of the 2008
New
Security
Paradigms
Workshop
,
47-
https://doi.org/10.1145/1595676.1595684
3.
Crawford, K., & Schultz, J. (2014). Big data and due
process: Toward a framework to redress predictive
privacy harms.
Boston College Law Review, 55
(1),
93-128.
4.
Demirkan, H., et al. (2022). Federated learning for
financial fraud detection.
Journal of Cybersecurity
Research,
7
(2),
45-
https://doi.org/10.1007/s12345-022-00001-1
5.
Dragos. (2022). *2022 ICS/OT cybersecurity year in
review*.
https://www.dragos.com/resources/
6.
ENISA. (2022).
Threat landscape for supply chain
attacks
https://www.enisa.europa.eu/publications
7.
ENISA.
(2023).
5G
threat
landscape
https://www.enisa.europa.eu/publicati
8.
Gartner. (2023).
Gartner top security and risk trends
for 2023
9.
HIPAA Journal. (2023).
Healthcare data breach
statistics
10.
IBM Security. (2023).
Cost of a data breach report
2023
11.
(ISC)².
(2023).
Cybersecurity
workforce
study
https://www.isc2.org/Research/
12.
ISO/IEC 27001:2022. (2022).
Information security
management systems - Requirements
.
13.
Kshetri, N. (2021). The economics of cybersecurity in
the digital transformation era.
IEEE IT Professional,
The American Journal of Engineering and Technology
146
https://www.theamericanjournals.com/index.php/tajet
23
(4),
12-
https://doi.org/10.1109/MITP.2020.2987467
14.
Kshetri, N. (2023). Cybersecurity in the Global
South.
Communications of the ACM, 66
(3), 72-81.
15.
Microsoft.
(2023).
Digital
defense
report
2023
16.
National Institute of Standards and Technology.
(2021).
NIST cybersecurity framework version
1.1
17.
National Institute of Standards and Technology.
(2022). *NIST SP 800-82: Guide to industrial control
systems security*.
18.
National Institute of Standards and Technology.
(2023).
Post-quantum
cryptography
standardization
19.
Notario, N., et al. (2015). PRIPARE: Integrating
privacy best practices into a privacy engineering
methodology.
IEEE Security & Privacy, 13
(6), 35-43.
20.
Nurse, J. R. C., et al. (2021). The data-driven future
of cybersecurity education.
IEEE Security & Privacy,
19
(3), 76-80.
21.
Papernot, N., et al. (2023). SoK: Machine learning
security.
IEEE Symposium on Security and Privacy
, 1-
18.
22.
Pfleeger, S. L., & Caputo, D. D. (2018). Leveraging
behavioral science to mitigate cybersecurity
risk.
Computers & Security, 73
, 102-122.
23.
Rittinghouse,
J.
W.,
&
Hancock,
B.
C.
(2019).
Cybersecurity operations handbook
(2nd
ed.). Digital Press.
24.
Ross, A. (2020).
Security engineering
(3rd ed.).
Wiley.
25.
SANS
Institute.
(2022).
Security
awareness
report
26.
Schneier, B. (2018).
Click here to kill everydiv:
Security and survival in a hyper-connected world
.
W.W. Norton.
27.
Siponen, M., et al. (2022). Longitudinal analysis of
cybersecurity threats.
Computers & Security, 114
,
102598.
28.
Solove, D. J., & Schwartz, P. M. (2022).
Privacy law
fundamentals
(5th ed.). IAPP.
29.
Stajano,
F.
(2017).
Security
for
ubiquitous
computing
. Wiley.
30.
SWIFT Institute. (2022).
Cybersecurity in global
banking
https://www.swiftinstitute.org/
31.
United Nations. (2023).
Global cybersecurity outlook
2023
32.
Verizon.
(2023).
Data
breach
investigations
report
https://www.verizon.com/business/
33.
Voigt, P., & Von dem Bussche, A. (2021).
The EU
General Data Protection Regulation (GDPR)
.
Springer.
34.
West, M. (2022). Building security culture.
Journal of
Cybersecurity, 8
(1), tyac005.
35.
Williams, P. A., & Woodward, A. J. (2020).
Cybersecurity
vulnerabilities
in
medical
devices.
Journal of Medical Internet Research, 22
(5),
e18454.
36.
Zhang, N., et al. (2021). Security challenges in IoT
medical devices.
Journal of Medical Systems, 45
(3),
112-127.
37.
European Union. (2023). *Directive (EU) 2022/2555
on measures for a high common level of
cybersecurity across the Union (NIS2 Directive)*.
Official Journal of the European Union. https://eur-
lex.europa.eu/
38.
U.S. Securities and Exchange Commission. (2023).
Cybersecurity
risk
management,
strategy,
governance, and incident disclosure. Release Nos.
33-11216; 34-97989. https://www.sec.gov/
39.
NotPetya Working Group. (2023). Lessons from the
NotPetya cyberattack: Five years later. Center for
Strategic and International Studies.
40.
Cloud Security Alliance. (2023). State of cloud
security
challenges:
2023
survey
results.
https://cloudsecurityalliance.org/
41.
World
Economic
Forum.
(2023).
Global
cybersecurity
outlook
2023.
https://www.weforum.org/
42.
MITRE Corporation. (2023). ATT&CK® framework
version 12. https://attack.mitre.org/
43.
Palo Alto Networks. (2023). Unit 42 cloud threat
report:
1H
2023.
https://unit42.paloaltonetworks.com/
44.
Mandiant. (2023). *M-Trends 2023: Special report*.
https://www.mandiant.com/
The American Journal of Engineering and Technology
147
https://www.theamericanjournals.com/index.php/tajet
45.
Cybersecurity & Infrastructure Security Agency.
(2023). Shields up: Guidance for organizations.
https://www.cisa.gov/shields-up
46.
Artificial Intelligence and Machine Learning as
Business Tools: A Framework for Diagnosing Value
Destruction
Potential
-
Md
Nadil
Khan, Tanvirahmedshuvo, Md
Risalat
Hossain
Ontor, Nahid Khan, Ashequr Rahman - IJFMR
Volume 6, Issue 1, January-February 2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.23680
47.
Enhancing Business Sustainability Through the
Internet of Things - MD Nadil Khan, Zahidur
Rahman, Sufi
Sudruddin
Chowdhury, Tanvirahmedshuvo, Md Risalat Hossain
Ontor, Md Didear Hossen, Nahid Khan, Hamdadur
Rahman - IJFMR Volume 6, Issue 1, January-
February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.24118
48.
Real-Time Environmental Monitoring Using Low-
Cost Sensors in Smart Cities with IoT - MD Nadil
Khan, Zahidur
Rahman, Sufi
Sudruddin
Chowdhury, Tanvirahmedshuvo, Md Risalat Hossain
Ontor, Md Didear Hossen, Nahid Khan, Hamdadur
Rahman - IJFMR Volume 6, Issue 1, January-
February
2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.23163
49.
IoT and Data Science Integration for Smart City
Solutions - Mohammad Abu Sufian, Shariful
Haque, Khaled Al-Samad, Omar Faruq, Mir Abrar
Hossain, Tughlok Talukder, Azher Uddin Shayed -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1086
50.
Business Management in an Unstable Economy:
Adaptive Strategies and Leadership - Shariful
Haque, Mohammad
Abu
Sufian, Khaled
Al-
Samad, Omar Faruq, Mir Abrar Hossain, Tughlok
Talukder, Azher Uddin Shayed - AIJMR Volume 2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1084
51.
The Internet of Things (IoT): Applications,
Investments, and Challenges for Enterprises - Md
Nadil Khan, Tanvirahmedshuvo, Md Risalat Hossain
Ontor, Nahid Khan, Ashequr Rahman - IJFMR
Volume 6, Issue 1, January-February 2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.22699
52.
Real-Time Health Monitoring with IoT - MD Nadil
Khan, Zahidur Rahman, Sufi Sudruddin Chowdhury,
Tanvirahmedshuvo, Md Risalat Hossain Ontor, Md
Didear Hossen, Nahid Khan, Hamdadur Rahman -
IJFMR Volume 6, Issue 1, January-February 2024.
https://doi.org/10.36948/ijfmr.2024.v06i01.22751
53.
Strategic Adaptation to Environmental Volatility:
Evaluating the Long-Term Outcomes of Business
Model Innovation - MD Nadil Khan, Shariful
Haque, Kazi Sanwarul Azim, Khaled Al-Samad, A H M
Jafor, Md. Aziz, Omar Faruq, Nahid Khan - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1079
54.
Evaluating the Impact of Business Intelligence Tools
on Outcomes and Efficiency Across Business Sectors
- MD Nadil Khan, Shariful Haque, Kazi Sanwarul
Azim, Khaled Al-Samad, A H M Jafor, Md. Aziz, Omar
Faruq, Nahid Khan - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1080
55.
Analyzing the Impact of Data Analytics on
Performance Metrics in SMEs - MD Nadil
Khan, Shariful Haque, Kazi Sanwarul Azim, Khaled
Al-Samad, A H M Jafor, Md. Aziz, Omar Faruq, Nahid
Khan - AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1081
56.
The Evolution of Artificial Intelligence and its Impact
on Economic Paradigms in the USA and Globally -
MD Nadil khan, Shariful Haque, Kazi Sanwarul
Azim, Khaled Al-Samad, A H M Jafor, Md. Aziz, Omar
Faruq, Nahid Khan - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1083
57.
Exploring the Impact of FinTech Innovations on the
U.S. and Global Economies - MD Nadil Khan, Shariful
Haque, Kazi Sanwarul Azim, Khaled Al-Samad, A H M
Jafor, Md. Aziz, Omar Faruq, Nahid Khan - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1082
58.
Business Innovations in Healthcare: Emerging
Models for Sustainable Growth - MD Nadil
khan, Zakir
Hossain, Sufi
Sudruddin
Chowdhury, Md. Sohel Rana, Abrar Hossain, MD
Habibullah
Faisal, SK
Ayub
Al
Wahid, MD
Nuruzzaman Pranto - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1093
59.
Impact of IoT on Business Decision-Making: A
Predictive Analytics Approach - Zakir Hossain, Sufi
Sudruddin Chowdhury, Md. Sohel Rana, Abrar
Hossain, MD
Habibullah
Faisal, SK
Ayub
Al
Wahid, Mohammad Hasnatul Karim - AIJMR Volume
The American Journal of Engineering and Technology
148
https://www.theamericanjournals.com/index.php/tajet
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1092
60.
Security Challenges and Business Opportunities in
the
IoT
Ecosystem
-
Sufi
Sudruddin
Chowdhury, Zakir Hossain, Md. Sohel Rana, Abrar
Hossain, MD
Habibullah
Faisal, SK
Ayub
Al
Wahid, Mohammad Hasnatul Karim - AIJMR Volume
2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1089
61.
The Impact of Economic Policy Changes on
International Trade and Relations - Kazi Sanwarul
Azim, A H M Jafor, Mir Abrar Hossain, Azher Uddin
Shayed, Nabila Ahmed Nikita, Obyed Ullah Khan -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1098
62.
Privacy and Security Challenges in IoT Deployments
- Obyed Ullah Khan, Kazi Sanwarul Azim, A H M
Jafor, Azher
Uddin
Shayed, Mir
Abrar
Hossain, Nabila Ahmed Nikita - AIJMR Volume 2,
Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1099
63.
Digital Transformation in Non-Profit Organizations:
Strategies, Challenges, and Successes - Nabila
Ahmed Nikita, Kazi Sanwarul Azim, A H M
Jafor, Azher
Uddin
Shayed, Mir
Abrar
Hossain, Obyed Ullah Khan - AIJMR Volume 2, Issue
5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1097
64.
AI and Machine Learning in International Diplomacy
and Conflict Resolution - Mir Abrar Hossain, Kazi
Sanwarul Azim, A H M Jafor, Azher Uddin
Shayed, Nabila Ahmed Nikita, Obyed Ullah Khan -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1095
65.
The Evolution of Cloud Computing & 5G
Infrastructure and its Economical Impact in the
Global Telecommunication Industry - A H M
Jafor, Kazi Sanwarul Azim, Mir Abrar Hossain, Azher
Uddin Shayed, Nabila Ahmed Nikita, Obyed Ullah
Khan - AIJMR Volume 2, Issue 5, September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1100
66.
Leveraging Blockchain for Transparent and Efficient
Supply Chain Management: Business Implications
and Case Studies - Ankur Sarkar, S A Mohaiminul
Islam, A J M Obaidur Rahman Khan, Tariqul
Islam, Rakesh Paul, Md Shadikul Bari - IJFMR
Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28492
67.
AI-driven Predictive Analytics for Enhancing
Cybersecurity in a Post-pandemic World: a Business
Strategy Approach - S A Mohaiminul Islam, Ankur
Sarkar, A J M Obaidur Rahman Khan, Tariqul
Islam, Rakesh Paul, Md Shadikul Bari - IJFMR
Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28493
68.
The Role of Edge Computing in Driving Real-time
Personalized Marketing: a Data-driven Business
Perspective - Rakesh Paul, S A Mohaiminul
Islam, Ankur Sarkar, A J M Obaidur Rahman
Khan, Tariqul Islam, Md Shadikul Bari - IJFMR
Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28494
69.
Circular Economy Models in Renewable Energy:
Technological Innovations and Business Viability -
Md Shadikul Bari, S A Mohaiminul Islam, Ankur
Sarkar, A J M Obaidur Rahman Khan, Tariqul
Islam, Rakesh Paul - IJFMR Volume 6, Issue 5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28495
70.
Artificial Intelligence in Fraud Detection and
Financial Risk Mitigation: Future Directions and
Business Applications - Tariqul Islam, S A
Mohaiminul Islam, Ankur Sarkar, A J M Obaidur
Rahman Khan, Rakesh Paul, Md Shadikul Bari -
IJFMR Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28496
71.
The Integration of AI and Machine Learning in
Supply Chain Optimization: Enhancing Efficiency and
Reducing Costs - Syed Kamrul Hasan, MD Ariful
Islam, Ayesha Islam Asha, Shaya afrin Priya, Nishat
Margia Islam - IJFMR Volume 6, Issue 5, September-
October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28075
72.
Cybersecurity in the Age of IoT: Business Strategies
for Managing Emerging Threats - Nishat Margia
Islam, Syed Kamrul Hasan, MD Ariful Islam, Ayesha
Islam Asha, Shaya Afrin Priya - IJFMR Volume 6,
Issue
5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28076
73.
The Role of Big Data Analytics in Personalized
Marketing: Enhancing Consumer Engagement and
Business Outcomes - Ayesha Islam Asha, Syed
Kamrul Hasan, MD Ariful Islam, Shaya afrin
Priya, Nishat Margia Islam - IJFMR Volume 6, Issue 5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28077
74.
Sustainable Innovation in Renewable Energy:
Business Models and Technological Advances -
The American Journal of Engineering and Technology
149
https://www.theamericanjournals.com/index.php/tajet
Shaya Afrin Priya, Syed Kamrul Hasan, Md Ariful
Islam, Ayesha Islam Asha, Nishat Margia Islam -
IJFMR Volume 6, Issue 5, September-October 2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28079
75.
The Impact of Quantum Computing on Financial Risk
Management: A Business Perspective - Md Ariful
Islam, Syed Kamrul Hasan, Shaya Afrin Priya, Ayesha
Islam Asha, Nishat Margia Islam - IJFMR Volume 6,
Issue
5,
September-October
2024.
https://doi.org/10.36948/ijfmr.2024.v06i05.28080
76.
AI-driven
Predictive
Analytics,
Healthcare
Outcomes, Cost Reduction, Machine Learning,
Patient Monitoring - Sarowar Hossain, Ahasan
Ahmed, Umesh Khadka, Shifa Sarkar, Nahid Khan -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/ 10.62127/aijmr.2024.v02i05.1104
77.
Blockchain in Supply Chain Management: Enhancing
Transparency, Efficiency, and Trust - Nahid
Khan, Sarowar
Hossain, Umesh
Khadka, Shifa
Sarkar - AIJMR Volume 2, Issue 5, September-
October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1105
78.
Cyber-Physical Systems and IoT: Transforming Smart
Cities for Sustainable Development - Umesh
Khadka, Sarowar Hossain, Shifa Sarkar, Nahid Khan -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1106
79.
Quantum Machine Learning for Advanced Data
Processing in Business Analytics: A Path Toward
Next-Generation Solutions - Shifa Sarkar, Umesh
Khadka, Sarowar Hossain, Nahid Khan - AIJMR
Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1107
80.
Optimizing Business Operations through Edge
Computing: Advancements in Real-Time Data
Processing for the Big Data Era - Nahid
Khan, Sarowar
Hossain, Umesh
Khadka, Shifa
Sarkar - AIJMR Volume 2, Issue 5, September-
October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1108
81.
Data Science Techniques for Predictive Analytics in
Financial Services - Shariful Haque, Mohammad Abu
Sufian, Khaled Al-Samad, Omar Faruq, Mir Abrar
Hossain, Tughlok Talukder, Azher Uddin Shayed -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1085
82.
Leveraging IoT for Enhanced Supply Chain
Management in Manufacturing - Khaled AlSamad,
Mohammad Abu Sufian, Shariful Haque, Omar
Faruq, Mir Abrar Hossain, Tughlok Talukder, Azher
Uddin Shayed - AIJMR Volume 2, Issue 5,
September-October
2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1087
33
83.
AI-Driven Strategies for Enhancing Non-Profit
Organizational Impact - Omar Faruq, Shariful Haque,
Mohammad Abu Sufian, Khaled Al-Samad, Mir Abrar
Hossain, Tughlok Talukder, Azher Uddin Shayed -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i0.1088
84.
Sustainable Business Practices for Economic
Instability: A Data-Driven Approach - Azher Uddin
Shayed, Kazi Sanwarul Azim, A H M Jafor, Mir Abrar
Hossain, Nabila Ahmed Nikita, Obyed Ullah Khan -
AIJMR Volume 2, Issue 5, September-October 2024.
https://doi.org/10.62127/aijmr.2024.v02i05.1095
85.
Mohammad Majharul Islam, MD Nadil khan,
Kirtibhai Desai, MD Mahbub Rabbani, Saif Ahmad, &
Esrat Zahan Snigdha. (2025). AI-Powered Business
Intelligence in IT: Transforming Data into Strategic
Solutions for Enhanced Decision-Making. The
American Journal of Engineering and Technology,
7(02),
59
–
73.
https://doi.org/10.37547/tajet/Volume07Issue02-
09.
86.
Saif Ahmad, MD Nadil khan, Kirtibhai Desai,
Mohammad Majharul Islam, MD Mahbub Rabbani,
& Esrat Zahan Snigdha. (2025). Optimizing IT Service
Delivery with AI: Enhancing Efficiency Through
Predictive Analytics and Intelligent Automation. The
American Journal of Engineering and Technology,
7(02),
44
–
58.
https://doi.org/10.37547/tajet/Volume07Issue02-
08.
87.
Esrat Zahan Snigdha, MD Nadil khan, Kirtibhai Desai,
Mohammad Majharul Islam, MD Mahbub Rabbani,
& Saif Ahmad. (2025). AI-Driven Customer Insights
in IT Services: A Framework for Personalization and
Scalable Solutions. The American Journal of
Engineering and Technology, 7(03), 35
–
49.
https://doi.org/10.37547/tajet/Volume07Issue03-
04.
88.
MD Mahbub Rabbani, MD Nadil khan, Kirtibhai
Desai, Mohammad Majharul Islam, Saif Ahmad, &
Esrat
Zahan
Snigdha.
(2025).
Human-AI
Collaboration
in
IT
Systems
Design:
A
Comprehensive Framework for Intelligent Co-
Creation. The American Journal of Engineering and
Technology,
7(03),
50
–
68.
The American Journal of Engineering and Technology
150
https://www.theamericanjournals.com/index.php/tajet
https://doi.org/10.37547/tajet/Volume07Issue03-
05.
89.
Kirtibhai Desai, MD Nadil khan, Mohammad
Majharul Islam, MD Mahbub Rabbani, Saif Ahmad,
& Esrat Zahan Snigdha. (2025). Sentiment analysis
with ai for it service enhancement: leveraging user
feedback for adaptive it solutions. The American
Journal of Engineering and Technology, 7(03), 69
–
87.
https://doi.org/10.37547/tajet/Volume07Issue03-
06.
90.
Mohammad Tonmoy Jubaear Mehedy, Muhammad
Saqib Jalil, MahamSaeed, Abdullah al mamun, Esrat
Zahan Snigdha, MD Nadil khan, NahidKhan, & MD
Mohaiminul Hasan. (2025). Big Data and Machine
Learning inHealthcare: A Business Intelligence
Approach for Cost Optimization andService
Improvement. The American Journal of Medical
Sciences
andPharmaceutical
Research,
115
–
135.https://doi.org/10.37547/tajmspr/Volume07Is
sue0314.
91.
Maham Saeed, Muhammad Saqib Jalil, Fares
Mohammed Dahwal, Mohammad Tonmoy
Jubaear Mehedy, Esrat Zahan Snigdha, Abdullah
al mamun, & MD Nadil khan. (2025). The Impact of
AI on Healthcare Workforce Management: Business
Strategies for Talent Optimization and IT
Integration. The American Journal of Medical
Sciences and Pharmaceutical Research, 7(03), 136
–
156.
https://doi.org/10.37547/tajmspr/Volume07Issue0
3-15.
92.
Muhammad Saqib Jalil, Esrat Zahan Snigdha,
Mohammad Tonmoy Jubaear Mehedy, Maham
Saeed, Abdullah al mamun, MD Nadil khan, & Nahid
Khan. (2025). AI-Powered Predictive Analytics in
Healthcare
Business:
Enhancing
OperationalEfficiency and Patient Outcomes. The
American Journal of Medical Sciences and
Pharmaceutical
Research,
93
–
114.
https://doi.org/10.37547/tajmspr/Volume07Issue0
3-13.
93.
Esrat Zahan Snigdha, Muhammad Saqib Jalil, Fares
Mohammed Dahwal, Maham Saeed, Mohammad
Tonmoy Jubaear Mehedy, Abdullah al mamun, MD
Nadil khan, & Syed Kamrul Hasan. (2025).
Cybersecurity in Healthcare IT Systems: Business
Risk Management and Data Privacy Strategies. The
American Journal of Engineering and Technology,
163
–
184.
https://doi.org/10.37547/tajet/Volume07Issue03-
15.
94.
Abdullah al mamun, Muhammad Saqib Jalil,
Mohammad Tonmoy Jubaear Mehedy, Maham
Saeed, Esrat Zahan Snigdha, MD Nadil khan, & Nahid
Khan.
(2025).
Optimizing
Revenue
Cycle
Management in Healthcare: AI and IT Solutions for
Business Process Automation. The American Journal
of
Engineering
and
Technology,
141
–
162.
https://doi.org/10.37547/tajet/Volume07Issue03-
14.
95.
Hasan, M. M., Mirza, J. B., Paul, R., Hasan, M. R.,
Hassan, A., Khan, M. N., & Islam, M. A. (2025).
Human-AI Collaboration in Software Design: A
Framework for Efficient Co Creation. AIJMR-
Advanced International Journal of Multidisciplinary
Research,
3(1).
DOI:
10.62127/aijmr.2025.v03i01.1125
96.
Mohammad Tonmoy Jubaear Mehedy, Muhammad
Saqib Jalil, Maham Saeed, Esrat Zahan Snigdha,
Nahid Khan, MD Mohaiminul Hasan.The American
Journal of Medical Sciences and Pharmaceutical
Research,
7(3).
115-
135.https://doi.org/10.37547/tajmspr/Volume07Is
sue03-14.
97.
Junaid Baig Mirza, MD Mohaiminul Hasan, Rajesh
Paul, Mohammad Rakibul Hasan, Ayesha Islam Asha.
AIJMR-Advanced
International
Journal
of
Multidisciplinary Research, Volume 3, Issue 1,
January-February
2025
.DOI:
10.62127/aijmr.2025.v03i01.1123 .
98.
Mohammad Rakibul Hasan, MD Mohaiminul Hasan,
Junaid Baig Mirza, Ali Hassan, Rajesh Paul, MD Nadil
Khan,
Nabila
Ahmed
Nikita.AIJMR-Advanced
International Journal of Multidisciplinary Research,
Volume 3, Issue 1, January-February 2025 .DOI:
10.62127/aijmr.2025.v03i01.1124.
