1 Introduction

In an era defined by the digital transformation of society, our reliance on digital infrastructure has grown exponentially. The rapid integration of computing technology into various facets of life, spanning business, government, and personal use, has ushered in unprecedented opportunities and challenges. One of the most pressing challenges is the ever-evolving landscape of cyber threats. As cyber attacks have grown in sophistication and frequency, the imperative to safeguard our digital domains has become paramount. The field of cyber security traces its origins back to the 1970s and 1980s as computing technology became more prevalent in business, government, and personal use [1]. Over time, this field matured, adapting to emerging threats and evolving technologies. The essence of cyber security has always been to secure digital systems and data from unauthorized access, damage, or disruption.

However, the term "cyber resilience" is a more recent development, emerging in the early 2000s in recognition of the imperative to establish systems that can endure and recover from cyber incidents. Since then, the concept of cyber resilience has gained increasing attention in both the public and private sectors, as organizations have become more reliant on technology and face a growing array of cyber threats. Today, cyber resilience is widely recognized as an essential element of any comprehensive cyber security strategy as it helps organizations mitigate the impact of cyber attacks, maintain business continuity, and protect sensitive information.

The scope of this study is to explore the historical background and evolution of the concept of cyber resilience with a focus on when it was first used and how it has developed over time up to the period between 2020 and 2022, when the COVID-19 pandemic had a significant impact on digital infrastructure and cyber security. By tracing the evolution of the concept, we can gain a deeper understanding of how it has been shaped by changes in technology, security threats, and societal factors. This in-depth exploration is imperative to discern the utility and indispensability of cyber resilience as a field of study and practice. By systematically analyzing the evolving concepts and frameworks over time, this study seeks to illuminate the intrinsic value and relevance of cyber resilience in the contemporary landscape of cyber security. To achieve this goal, the paper will first provide an overview of the definition and key components of cyber resilience. It will then review the relevant literature to explore the origin of the concept and its early development. This will be followed by a discussion of the major milestones and events that have shaped the evolution of cyber resilience over time.

When describing the research approach used in this paper, it is important to recognize the significance of relevant references through the use of a systematic literature review (SLR). Systematic literature reviews aim to provide comprehensive insights and methodological rigor in research, serving academic communities through theoretical synthesis [2]. This ensures a strong foundation for the study, aligning our approach with established practices and methodologies recognized in the academic discourse on cyber resilience. Extensive searches were conducted using academic databases such as Scopus and Google Scholar, identifying peer-reviewed articles, research papers, and scholarly publications from various sources. Additional reports and relevant documents available on reputable websites and research institutions were included through online searches. A snowballing technique was also applied [3], scrutinizing reference lists to uncover additional sources that might not have surfaced initially. This method ensures a well-rounded and reflective literature review.

This paper conducts a thorough examination of the evolution of the concept of cyber resilience, tracing its origins and providing a comprehensive overview. The historical context in which cyber resilience emerged provides a broader perspective on its importance. This allows us to trace the origins of this conceptual term, identify key milestones, and understand the specific challenges and threats that led to its development. To guide the exploration, this study sets out to answer critical questions that illuminate the journey of the term cyber resilience. Key inquiries include: How did the term originate, and under what conditions was it first introduced and used? What contextual factors drove the adoption of cyber resilience? Examining the term's evolution since its inception, the study seeks to understand how it has adapted to changing landscapes. Additionally, the investigation extends to anticipate trends and potential future applications of cyber resilience in the years to come. These questions collectively aim to unravel the term's history, development, and its prospective impact on cybersecurity practices. The study intentionally covers a wide scope. It encompasses both information technology (IT) and operational technology (OT) environments, recognizing the importance of understanding cyber resilience across these domains. Additionally, the study does not limit its focus to specific types of organizations or critical infrastructures (CIs). Instead, it aims to offer insights and recommendations that can be applied broadly. Furthermore, the study highlights a crucial point: there is no universally accepted, common definition of cyber resilience. This absence of a standardized definition underscores the complexity and dynamic nature of the field. The structure of the paper is designed to unfold these contributions progressively, offering a comprehensive exploration of cyber resilience from its origins to its contemporary significance.
It involves a review of the field of cyber security (Sect. 2) and an exploration of the conceptual interpretation of cyber security (Sect. 2.2). We then delve into the foundations and applications of resilience (Sect. 3) before focusing specifically on cyber resilience as a subset (Sect. 4). Section 4.1 explores the connection between ecology and cyber security, followed by an examination of the early development of cyber resilience in the 2000s (Sect. 4.2). Section 4.3 conducts a literature review, mapping the landscape of cyber resilience research from 2011 to 2019. Section 5 distinctly differentiates between cyber security and cyber resilience. Sections 6 and 6.1 explore the current state and role of cyber resilience in contemporary strategies, encompassing an examination of the COVID-19 pandemic's impact. The paper concludes with a forward-looking perspective on the future of cyber resilience in Sects. 6.2 and 6.3.

By studying how the concept of cyber resilience has evolved over time, we gain introductory insights into the strategies and approaches that have been effective in reducing cyber threats. This historical knowledge informs our strategies in the present and helps us make informed decisions about the future development of cyber resilience. The ever-evolving cyber threat landscape necessitates adaptive responses. Historical analysis showcases how cyber resilience strategies have adapted to emerging threats, guiding the development of strategies for the future. By understanding the historical and contextual factors that have shaped the concept, we can better prepare for future challenges and ensure the continued resilience of digital infrastructure. Understanding the adaptive nature of cyber resilience is particularly valuable in a landscape where threats continually evolve. The study's universality, addressing both information technology (IT) and operational technology (OT) environments, ensures that the insights derived are broadly applicable across diverse sectors. By delving into historical and conceptual dimensions, the study provides a comprehensive understanding of how the concept has evolved over time. It offers a nuanced perspective on the development of resilience strategies, emphasizing their adaptability to emerging cyber threats. Furthermore, the conceptual review in the article contributes to clarifying the terminology and frameworks within cyber resilience, facilitating the establishment of a more standardized and shared understanding of the concept. The added value of the article lies in its potential to inform current practices, guide future strategies, and contribute to the broader academic discourse, ultimately enhancing the overall effectiveness and adaptability of cybersecurity measures in the face of evolving challenges. 
The article's significance is underscored by its capacity not only to fortify present defenses but also to proactively prepare for the ever-changing cybersecurity landscape, fostering a more resilient and secure digital future.

2 Cyber security in brief

2.1 Review of the field of cyber security

Cybersecurity encompasses a wide spectrum of security concerns, ranging from the protection of individuals against cyber threats to safeguarding the entirety of society [4]. It has become an increasingly complex and multifaceted field, with a wide range of technologies, tools, and techniques used to protect against cyber threats. Firewalls, antivirus programs, intrusion detection and prevention systems, encryption methods, and access management mechanisms are among the key components that contribute to the field of cybersecurity. Besides technical measures, cyber security also encompasses policies, procedures, and best practices designed to mitigate, detect, and address cyber attacks. The definition of cyber security has expanded to encompass aspects related to the development of an increasingly digitalized economy, reflecting its contested nature as a concept [5]. The origins of cyber security can be historically linked to the 1970s and 1980s, an era when computing systems started gaining prevalence in business, government, and personal use. As the use of computers and digital networks increased, so did the possibility of cyber attacks. This led to the development of various security measures and techniques to counter such threats.

One of the biggest challenges facing the cyber security field is the rapidly evolving nature of cyber threats. Attackers are constantly developing new tactics and techniques to breach networks and steal data, and cyber security professionals must continually adapt and update their defenses to stay ahead of these threats. Lately, there has been a mounting concern regarding the consequences of state-sponsored cyber attacks and the potential for cyber warfare to disrupt critical infrastructure and cause widespread harm. Despite these challenges, cyber security remains a critical field that is essential for ensuring the safety and security of our digital infrastructure. As the world becomes increasingly connected and dependent on technology, the need for effective cyber security measures will only continue to grow.

2.2 The conceptual interpretation of cyber security

The study by Tim Maurer and Robert Morgus intended to enhance clarity and foster a better understanding of cyber security terminology by assembling a compendium of preexisting definitions for associated terms. They evaluated 47 collected definitions of cyber security and concluded that cyber security primarily involves the ability to protect, preserve, resist, and defend the use of cyberspace from cyber attacks. They also noted that cyber security is a process rather than an end in itself [6]. The research conducted by Dan Craigen et al. entailed engaging in numerous discussions with professionals, scholars, and postgraduate students to explore diverse viewpoints on the components that should be encompassed within a cyber security definition. The authors selected nine definitions of cyber security that provided different perspectives and proposed their own definition based on key concepts drawn from the literature. Their definition highlights the importance of organizing and consolidating resources, processes, and structures to safeguard cyberspace and cyberspace-enabled systems against deviations that contradict established property rights, both in theory and practice [7]. Daniel Schatz et al. conducted a comprehensive literature review to identify the prominent definitions put forth by authoritative sources regarding the term "Cyber Security." They proposed an advanced definition that encompasses the holistic approach and actions undertaken by organizations and governments to manage security risks, ensuring the protection of data confidentiality, integrity, and availability within the domain of cyberspace [8]. Basie and Rossouw von Solms endeavored to offer a straightforward and concise explanation of cyber security by examining primary source documents. 
Their analysis led them to the conclusion that cyber security governance, as a subset of information security governance, involves directing and overseeing the safeguarding of an organization's digital information assets against risks associated with internet usage [9].

ENISA analyzed the usage of cyber security terminology by various stakeholders and reviewed standardization activities within the domain of cyber security. They deconstructed the components that make up the definition of the ‘cyber security’ domain using terminology as defined by dictionaries and organizations. ENISA put forward the notion that a conventional definition of cyber security may not be necessary and instead recommended a contextual definition that aligns with and is already employed by a specific standard development organization or institution, emphasizing its relevance and suitability [10]. Jonathan Lewallen conducted an analysis of the impact of evolving technology on the evolution of cyber security policy within the USA. He argued that emerging technologies introduce novel challenges and reshape existing ones, cutting across economic and social domains, thus generating ambiguity regarding the regulatory and legislative jurisdiction. His analysis of US congressional hearings illustrated that technological advancements and the proliferation of internet-connected devices have expanded the definition of cyber security, leading to more legislative and regulatory subunits claiming decision-making authority [11].

Although the notion of protection dominates, the field of cyber security is still grappling with defining the term in a clear and concise manner. Various experts and organizations have proposed different definitions, each emphasizing different aspects of the concept. While some definitions focus on protecting cyberspace from cyber attacks, others highlight the importance of security risk management processes and governance. Given the ever-evolving nature of technology and the expanding range of assets vulnerable to cyber attacks, the definition of cyber security continues to expand and shift, leading to regulatory uncertainty and challenges for policymakers. Ultimately, a contextual definition that is relevant and fits a particular organization or standard setting body could potentially be the most efficient approach to defining cyber security.

3 Understanding resilience: definition, components, and frameworks, foundations and applications

Nature exemplifies resilience like nowhere else. Trees, for instance, are specifically built to flex under the strain of heavy winds or snow, demonstrating their ability to withstand and recover without succumbing [12]. In the field of material science, resilience refers to the capacity of a material to absorb energy while undergoing elastic deformation and subsequently release that energy upon unloading. Resilience can be defined from various perspectives, such as the capability of a system to assimilate disturbances or the extent of perturbation that can be endured before the system undergoes structural modifications by altering variables and processes that govern its behavior [13].

Resilience is a complex and multidimensional concept that has been thoroughly explored across multiple scientific disciplines, encompassing psychology, sociology, ecology, and engineering, among others. Across various domains, the concept of resilience maintains a consistent interpretation. It involves anticipating and adapting to potential threats, demonstrating dynamic responsiveness rather than rigid fragility. It is widely acknowledged that all systems are prone to some level of failure [14].

In a conceptual sense, according to the Merriam-Webster dictionary, resilience is defined as “the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress”, as well as “an ability to recover from or adjust easily to misfortune or change” [15]. On the other hand, the Oxford dictionary defines resilience more generally as “the ability of people or things to recover quickly after something unpleasant, such as shock, injury, etc.” [16]. The Cambridge dictionary defines resilience as “the ability of a substance to return to its usual shape after being bent, stretched, or pressed” [17]. Furthermore, the ITU-T Study Group 17 (SG17) in 2015 defined resilience as “the ability to recover from security compromises or attacks”. Resilience is a critical trait for success in both personal and professional contexts, enabling individuals and organizations to learn and grow from challenging experiences [18].

Although a universally accepted definition of resilience may not exist, the absence of such consensus does not inherently render the interpretation of cyber resilience challenging. In fact, the lack of a rigid definition allows for greater flexibility and adaptability in applying the concept to different contexts. While the concept of mental resilience in psychology is indeed more specific, the core idea of bouncing back from adversity and coming out stronger can be applied to various domains, including cyber security. Overall, while there may not be a single, precise definition of resilience, the concept remains a valuable and relevant framework for understanding and addressing challenges in different fields.

4 Cyber resilience: a subset of resilience

The mapping study of the cyber resilience research landscape adopts a structured approach, organizing the research into three distinct chronological sections. Spanning from the early years to 2019, each section represents a pivotal phase in the development of cyber resilience as a field of study. The decision to divide the sections emerged during the writing process and was informed by our findings. Beginning with the most recent developments and research trends from 2011 to 2019, the third section is a deliberate effort to capture the contemporary landscape. Reversing our chronological trajectory, the segment spanning from 2003 to 2010 encapsulates a period marked by the consolidation of interest and deepened exploration into the realm of cyber resilience. The first section covers the period before 2002, marking the emergence of the first resilience concerns.

This methodological choice enhances the comprehensiveness and clarity of our exploration into the evolution of cyber resilience from its inception. Our aim is to provide readers with a holistic view of how the concept, frameworks, and research on cyber resilience have evolved over time. By tracing the historical development of ideas, theories, and practical applications from their roots to the most recent developments, we offer a coherent narrative of cyber resilience research. This structured approach facilitates a deeper understanding, allowing readers to contextualize the field's development and maturation. Significantly, the study concludes its examination just prior to 2020, acknowledging the emergence of the COVID-19 era as a potential catalyst for transformative shifts in the dynamics of cyber resilience operations and utilization. The awareness of these evolving circumstances led to the deliberate decision to conclude the study at this juncture, signaling the imperative for a subsequent investigation into data shaped by the post-2020 landscape.

4.1 From ecology to cyber security

Resilience has become a critical concept in a range of fields, from ecology to cyber security. The notion of resilience originated in the field of ecology; it was first introduced in 1973 to describe a property of ecological systems that governs the persistence of relationships within the system [19]. Holling defined resilience as the capacity of a system to assimilate changes and endure, whereas stability refers to the system's ability to return to an equilibrium state following a disturbance. The proponent of this concept put forth the notion that ecological systems can be characterized by two key properties: resilience and stability. Resilience governs the continuity of relationships within the system and pertains to its capacity to withstand changes and persist. On the other hand, stability refers to the system's ability to revert to an equilibrium state following a disturbance. Fiering in 1982 explored different definitions of resilience within the framework of water resource systems, focusing on the time required to transition between system states and recover from failure. The concept of "surprise" was also highlighted as a critical aspect of resilience. Fiering argued that resilience is most applicable to complex systems, particularly biological and societal ones, where the underlying mechanisms are not well understood. He also stressed that the dimension of time is inherently connected to the concept of resilience [20]. In 1996, Holling again argued that the concept of resilience, as discussed in ecological literature, can be defined in two ways: engineering resilience, which emphasizes the preservation of efficiency, constancy, and predictability in proximity to a stable equilibrium state, and ecological resilience, which prioritizes persistence, adaptation, and unpredictability in conditions significantly divergent from an equilibrium steady state.
These two definitions entail distinct implications when it comes to assessing and handling complexity and change, and the emphasis on one or the other depends on the discipline or attitude of the observer [21].

In 1998, Benjamin et al. emphasized that IT security was increasingly important as society and industry became more dependent on IT and cybercrime became more prevalent. The authors stressed that everyone involved in IT systems needed to be aware of security issues and their responsibilities. A security policy should aim to limit the impact of attacks to an acceptable level at an acceptable cost, and this requires both technical measures and close management oversight. So, Benjamin et al. proposed direct resilience to attack [22]. In 2000, Luthar et al. wrote an article in which they stated that despite the challenges of studying resilience, continued research in this area is valuable and has the potential to broaden developmental theory and propose practical avenues for intervention. Furthermore, they advocated for an imperative to strengthen the scientific rigor of resilience research endeavors [23]. Moreover, Jane Jorgensen et al. examined the context of cyber ecology and suggested that ecological models depicting intricate biological communities and strategies for disease control can serve as valuable inputs for intricate dynamic models of computer networks. These models can help in devising novel approaches to systems management when confronted with ever-evolving cyber threats and generate initial hypotheses for further investigation [24]. In 2002, amid a highly competitive business environment, it was imperative for organizations to have a comprehensive vision for resiliency. Saagar Makwana of IBM mentioned that resiliency planning starts with a strategy, which ought to be a component of a comprehensive business strategy. They suggested that the foundational elements for establishing a resilient infrastructure encompass recovery, hardening, redundancy, accessibility, diversification, and autonomic computing [25].

The study of cyber ecology was shown to aid the development of cyber resilience. Although it was recognized that scientific rigor is essential for developing a robust theory of resilience, scientists used the theory of cyber ecology for the evolution of cyber resilience. As a result, an initial concept of resilience for IT systems began to take shape as the system's ability to absorb change and maintain operational functionality. The importance of achieving IT resilience at a reasonable cost was emphasized, highlighting the need for the development of a resilient planning strategy.

Figure 1 illustrates the chronological development of resilience concepts in various domains. The timeline begins with the introduction of resilience in ecological systems, marking a key milestone in understanding system dynamics. The evolution progresses through the separation and attribution of resilience and stability concepts in ecological systems. In water resource systems, the concept of surprise and the temporal aspects of transitioning between system states and recovering from failure are highlighted. Moving to the realm of cyber security systems, the proposal of direct resilience to attacks reflects advancements in safeguarding critical infrastructure. Psychological systems contribute to the narrative by emphasizing the importance of scientific rigor in resilience research endeavors. The figure then shifts to computer network systems, where the application of ecological models to enhance cyber resilience and the exploration of links between biology and cybersecurity mark significant developments. Finally, the evolution culminates in information technology systems, where the emphasis on the necessity for a Resilient Planning Strategy underscores the growing recognition of resilience as a strategic imperative. Overall, the figure encapsulates the diverse trajectories and interconnectedness of resilience across different systems, providing a comprehensive overview of its evolution in various domains.

Fig. 1 Evolution of resilience across different systems

4.2 Early development of cyber resilience in the 2000s

Zahri Yunos and Ahmad Nasir Mohd Zin cited several incidents in which computer viruses have caused catastrophic effects on victims. They discussed the characteristics of viruses, including their small size, versatility, propagation, effectiveness, functionality, and persistence. Based on these characteristics, the authors considered that computer viruses may be used as a more resilient weapon in cyberspace [26].

In 2005, the UK Cabinet Office discussed the notion of cyber resilience for the first time, highlighting the need for organizations to be able to adapt to evolving threats and maintain critical operations [27]. Gordon et al. delved into the concept of cyber resilience, with a particular focus on its role in minimizing potential damage from cyber attacks. A central aspect of their argument was the effective application of economic concepts to enhance cybersecurity levels for both public and private sector organizations. They advocated for determining optimal cybersecurity investment amounts and establishing efficient resource allocation procedures within an economic framework [28]. Erik Hollnagel et al. introduced the concept of resilience engineering, which was concerned with how systems can adapt to unexpected events or disturbances. Although Hollnagel did not specifically address cyber resilience, the concepts presented can be applied to cyber security and resilience [29]. Chai et al. explored the involvement of IT in surface transportation security by surveying mid-level and senior executives in transportation industries. The results indicated that managers consider IT applications fundamental to surface transportation operation and security, but are highly concerned about cyber security threats [30]. Mihaela Ulieru highlighted that resilient eNetworks have the potential to bring about transformative advancements in various safety and security applications, including uninterrupted electricity generation and distribution, detection and neutralization of terrorist networks, interception and defense against biochemical attacks, hazard-free transportation, disaster response, and pandemic mitigation. Ulieru aimed to devise universal design methodologies for enhancing the resilience of critical infrastructures by utilizing the eNetwork middleware.
This entailed pursuing three research avenues: network self-organization to uphold and augment resilience, risk mitigation through eNetworks and the impact of interdependencies [31]. In a document produced as a work package in the Jointly Executed Research (JER) program of the ReSIST Network of Excellence in 2007, the authors aimed to achieve sufficient resilience in the complex information infrastructures of ubiquitous computing systems that are increasingly critical to the information infrastructure of our society. They focused on identifying gaps in collective knowledge of scalable resilience in policies, algorithms, and mechanisms. Subsequently, they put forward a roadmap outlining integrated research directions aimed at developing the necessary technologies for scaling resilience. The document included an extensive inventory of research gaps recognized by experts from the four working groups, which were associated with assessability, evolvability, usability, and diversity. It also provided synopses of each resilience-scaling technology, identifying challenges and how these challenges are covered by the identified gaps [32]. Lin et al. in their article discussed the tensions between security and operational resilience, highlighting that security measures could sometimes conflict with the need for organizational resilience in times of crisis. The authors suggested that a new mindset in hardware and software design is needed that equally prioritizes security and attack resilience alongside performance and functionality [33].

Scott Dynes et al. examined the ramifications of cyber disruptions on supply chain processes and discovered that supply chains characterized by substantial automation and process control, such as the oil and gas industry, can experience significant impacts from deliberate cyber disruptions, while manufacturing supply chains are surprisingly resilient to internet outages. The study cited several real-world examples of supply chain disruptions, including Toyota's recovery from a supplier fire and Mattel and Hasbro's ability to work around a dockworkers strike. The study concluded that small firms may not be vulnerable to internet disruptions due to their current reliance on phone and fax, but the likelihood of production disruptions caused by cyber events is expected to increase as supply chains become more reliant on the internet. The authors also noted that the vulnerability or resilience of a supply chain to cyber disruptions does not solely rely on the technology used, but rather on how the technology is leveraged to facilitate supply chain processes and the nature of the encountered attack [34].

In 2008, Scott Dynes conducted field studies that examined information risk management practices in healthcare and retail sectors. The impact of cyber disruptions on business continuity planning was also investigated. The studies revealed that while coordinating signals for information risk management was necessary, it was not sufficient to fully protect firms from cyber disruptions. This finding suggests that additional strategies are needed to ensure resilience [35]. Madni and Jackson, in their article, introduced resilience engineering, which aimed to enhance an organization's ability to monitor risks and strike a balance between safety and productivity in complex systems. The article provided a framework for analyzing and addressing disruptions, which may take the form of operational contingencies, natural disasters, terrorism, political instability, or financial meltdowns. The article distinguished between two types of disruptions: Type A disruptions, which are caused by external factors, and Type B disruptions, which are systemic disruptions caused by technological failures. The article highlighted the importance of combining immediate response and enduring adaptation to disturbances [36]. In 2009, Kahan et al. discussed the eight principles that serve as conceptual lenses and criteria for crafting robust critical systems that can withstand disruptions. These principles are interrelated, and one of the central ones is that resilience encompasses the entire spectrum of America's national homeland security enterprise, which comprises federal, state, local, and tribal governments, as well as the private sector, communities, families, and individual citizens. It encompasses both the tangible elements, such as physical assets and infrastructure, and the intangible aspects, such as community cohesion and citizen preparedness. Cyber resilience is an integral part of this comprehensive approach, spanning across all sectors [37].
In October 2009, President Barack Obama, exercising the authority vested in him by the Constitution and laws of the USA, declared National Cybersecurity Awareness Month. The President urged the citizens of the USA to acknowledge the significance of cybersecurity and actively participate in this month through suitable activities, events, and training initiatives, aimed at fortifying our national security and resilience [38].

The inaugural Australia International Cyber Resilience Conference, convened in 2010, marked a pivotal moment in the evolution of cyber resilience, setting the stage for future advancements and discussions in the field. Renowned experts in the field of cyber resilience presented groundbreaking research, with papers covering a diverse range of topics, such as smart business, medical security, and public–private partnerships (PPPs). The conference featured, among others, the following papers:

  • "Small Business—A Cyber Resilience Vulnerability" discussed the issue of cyber resilience for small businesses in Australia, highlighting their vulnerability to cyber threats and the need to defend against and recover from cyber incidents [39].

  • "Is Cyber Resilience in Medical Practice Security Achievable?" discussed the vulnerability of the e-health system in Australia and the importance of resilience in primary care medical practices [40].

  • “Mitigating Cyber-Threats through Public–Private Partnerships: Low cost governance with high-impact returns” discussed the challenges of promoting cyber resilience and sharing responsibility for cyber security between governments, private businesses, and individual consumers in Australia. Public–private partnerships (PPPs) and partnerships with non-governmental organizations (NGOs) are necessary for the successful deployment of cyber resilience. However, private businesses and individual consumers are often indifferent to the notion of shared security responsibility, and cyber resilience struggles to establish itself in domains characterized by prevalent cyber vulnerabilities. The article argued that formulating a unified and cohesive strategy for cyber resilience will require addressing these challenges and engaging a broad array of stakeholders [41].

In 2010, Sterbenz et al. presented a comprehensive resilience framework that integrates diverse disciplines, strategies, principles, and analysis techniques. The framework, which consists of six stages (defend, detect, remediate, recover, diagnose, and refine), provides a set of design principles for resilient network architecture and design, including prerequisites, tradeoffs, enablers, and behaviors [42].

The term "cyber resilience" gained significant recognition and traction around the year 2010, marking a pivotal point in its establishment. Prior to this, the concept of cyber resilience was not widely understood or discussed, and cyber security was the predominant term used to describe measures taken to protect against cyber threats. In those years, there was a recognition that cyber resilience refers to the ability of a system or organization to adapt and respond to cyber attacks or disruptions, and to maintain critical operations in the face of unexpected events. The concept of resilience has its roots in ecology, where it was first introduced as an intrinsic characteristic of ecological systems that governs the persistence of relationships within the system. Resilience is different from stability, which denotes the system's capacity to restore itself to an equilibrium state following a disruption. Cyber resilience requires a comprehensive vision for resilience planning that starts with a strategy, technical measures, and close management oversight. It involves recovery, hardening, redundancy, accessibility, diversification, and autonomic computing. The concept of cyber resilience has been discussed in various papers, with a focus on reducing the potential damage caused by cyber attacks, maintaining critical operations, and adapting to evolving threats. Cyber resilience is crucial for organizations that are increasingly dependent on IT systems and facing a highly competitive business environment.

The historical context of cyber resilience is illuminated by its initial recognition and discussion at a governmental level, notably in 2005 when the UK Cabinet Office initiated formal discussions. This marked a defining moment as the term cyber resilience gained prominence and formal acknowledgment, signifying its emergence as a crucial concept. The discussions carried significant policy implications, underscoring the role of cyber resilience as a critical component in both organizational and national security strategies. The evolution of terminology is highlighted, indicating a shift toward more formal and standardized language in discussing cyber resilience. The initiation of discussions by a governmental body not only underscores the foundational nature of the concept but also suggests that it became a key consideration in shaping governmental policies and strategies. This historical event serves as a pivotal reference point, adding depth and context to the evolution of cyber resilience, emphasizing its formal recognition and growing importance in the realm of cybersecurity. This new concept of cyber resilience is now widely applied to cyber systems, and organizations across various sectors have recognized the need to be cyber resilient. Particularly in the context of surface transport security, there is growing concern about cyber security, and software solutions have been developed to enhance cyber resilience. However, the need for a renewed mindset in hardware and software design is also emphasized. The significance of cyber resilience is further highlighted by the growing number of cyber disruptions that are being investigated, with inadequate protection found in supply chains, small businesses, healthcare, and retail. To address these challenges, PPPs and collaborations with NGOs are recommended. Figure 2 offers a comprehensive visual representation of the evolutionary landscape of cyber resilience from the early 2000s to 2010. It captures key milestones and strategies that shaped the field during this critical period. This visual narrative serves as a valuable resource for understanding the multifaceted journey of cyber resilience during this decade.

Fig. 2 Evolution of cyber resilience: key milestones (2003–2010)

4.3 Mapping the landscape of cyber resilience research: a review of the literature from 2011 to 2019

The proliferation of digital technologies and the escalating reliance of organizations on information systems have elevated cyber security to a critical concern shared by businesses, governments, and individuals alike. Cyber attacks and incidents can result in dire consequences, encompassing financial losses, reputational harm, and even posing national security risks. As a response to these threats, organizations have invested significant resources toward implementing cyber security measures such as firewalls, antivirus software, and intrusion detection systems. However, these measures are not always sufficient to prevent or mitigate the impact of cyber attacks, which can be highly complex and adaptive. As a result, there has been a growing interest in cyber resilience, which focuses on an organization's ability to maintain essential functions and recover quickly from cyber incidents. We aim to provide a thorough examination of the existing literature on research pertaining to cyber resilience from 2011 to 2019, exploring the key themes and findings that have emerged from this research.

Following the emergence of scientific interest in cyber resilience, in 2011, the 2nd International Cyber Resilience Conference was held in Australia, once again featuring papers related to the topic of cyber resilience. Three of them presented different approaches to enhancing cyber resilience. The first proposed a new type of botnet, the Malware Rebirthing Botnet (MRB), which collects and modifies malware to evade detection and potentially take control of critical infrastructure [43]. The second paper focused on the development of leakage-resilient pseudorandom generators to protect valuable information from side-channel attacks [44]. The third paper addressed privacy concerns related to querying databases for information and presented protocols to protect the anonymity of clients and servers, prevent unauthorized access to digital content, and protect the database [45]. These papers demonstrated the importance of developing new methods and technologies to enhance cyber resilience in the face of evolving cyber threats.

According to MITRE Corporation's report on the Cyber Resiliency Engineering Framework in 2011, the concept of cyber resiliency involves four goals: Anticipate, Withstand, Recover, and Evolve, supported by eight objectives and fourteen practices. The objectives include Understand, Prepare, Prevent, Continue, Constrain, Reconstitute, Transform, and Re-architect, while the practices include Adaptive Response, Privilege Restriction, Deception, Diversity, Substantiated Integrity, Coordinated Defense, Analytic Monitoring, Non-persistence, Dynamic Positioning, Redundancy, Segmentation, Unpredictability, Dynamic Representation, and Realignment. The report emphasized that these elements should be approached as a comprehensive and interdependent strategy to maximize cyber resiliency [46]. The National Institute of Standards and Technology (NIST) published a report in 2011 titled "Information Security Continuous Monitoring for Federal Information Systems and Organizations" to address the need for a comprehensive approach to information security. The report centers on the notion of information system resilience, which encompasses the system's capacity to withstand, endure, and recuperate from disruptions, threats, or attacks [47].

Goldman et al. highlighted that the key attribute of cyber resilience is the ability to sustain an acceptable level of service despite adverse events, including cyber threats and attacks [48]. As the power of a wired nation like the USA relies heavily on its ability to disrupt cyber attacks and to be resilient against successful attacks, Chris C. Demchak proposed a strategy of "security resilience" to survive in a complex, interconnected, and surprising cybered world. The strategy was based on theories of international relations, complexity in social-technical systems, and institutional adaptation [49]. Mohamed Azab et al. proposed a biologically inspired defense system called ChameleonSoft that aims to bolster the resilience and security of pervasive cyber systems by employing spatiotemporal software behavior encryption and a moving target defense approach [50]. Amantini et al. proposed a methodology that aims to strengthen the robustness and resilience of critical infrastructures (CIs) against cyber attacks using offline tools that involve human intervention, while still maintaining usability guidelines. The methodology identifies Supervisory Control and Data Acquisition (SCADA) systems as a crucial component of CIs that are vulnerable to cyber threats and proposes using adaptable parsers to address this issue. Amantini et al. presented two intervention methods: one that is autonomous and another that encompasses a decision support tool and human operator collaboration [51].

In 2012, the World Economic Forum launched a project to address emerging systemic risks resulting from increased connectivity in the networked economy. The project aimed to enhance systemic resilience to cyber risks, raise global business standards, and contribute to economic stability and prosperity. The Principles for Cyber Resilience seek to establish a resilient shared digital space and promote executive-level awareness of cyber risk management. The initiative focuses on improving local cyber resilience while collaborating on common principles to create global benefits. The project provided guidelines for developing cyber resilience programs and recognized the interdependence of private and public organizations in the global, hyperconnected environment. Leadership is considered essential in establishing the tone and structure for cyber resilience [52]. Suzanne Hassell et al. discussed a toolkit for Cyber Threat, Vulnerability, and Defense Modeling and Simulation, which enables the assessment and enhancement of the cyber resiliency of systems and networks [53]. Richard Ford et al. focused on the challenges of defining and measuring resilience in cyber systems. The authors argued that a universal set of metrics for resilience is impractical and instead suggested guidelines for constructing metrics that are appropriate for a particular system. The guidelines included considerations such as ordinal ranking, particular perturbation, system boundary, and the importance of considering system output and not just resilience alone. They highlighted the need for further research and development in resilience metrics to adequately represent the resilience of a system [54]. Demchak explored the concept of "socio-cyber systems", which were intricate socio-technical systems leveraging cyberspace to enhance efficiency and reduce costs.
He underscored the significance of comprehending and safeguarding the resilience of the evolving global socio-cyber infrastructure, which serves as the foundation for critical systems in numerous societies and plays a vital role in cross-border societal functions. Demchak concluded by highlighting policymakers' growing awareness of the national security implications associated with cyberspace and their inclination to seek guidance from scholars in implementing cyber resilience measures [55].

Vugrin and Turgeon introduced a hybrid approach to evaluate the resilience of infrastructure in cyber systems, merging qualitative analysis techniques with performance-based metrics. The authors suggested the adaptation of this methodology for analyzing cyber resilience, combining existing cyber resilience and infrastructure resilience assessment methods to establish a comprehensive cyber-centric resilience assessment framework. Vugrin & Turgeon defined cyber resilience as the capacity of a cyber system to operate securely and effectively even in the face of disruptions, which can stem from cyber or physical sources, and be deliberate, accidental, or unpredictable [56]. Kaufmann explored how cyber resilience can be utilized as a governance strategy for managing crises in critical infrastructure and the internet. It emphasized the importance of incorporating redundancy and technical resilience into information infrastructures and prioritizing diversity over traditional risk calculations. Additionally, the article highlighted the need for balance between private and public stakeholders and new responsibilities for society's actors. Lastly, the article suggested that standard setting is crucial in developing cyber resilience and that leadership is required to achieve this goal [57]. The Defense Science Board (DSB) Task Force study on Resilient Military Systems aimed to evaluate and improve the Department of Defense's (DoD) system resiliency against cyber attacks [58]. Lewis Herrington and Richard Aldrich discussed two challenges in cyber resilience in the UK: determining who owns cyber resilience in a context where most critical national infrastructure is privately owned, and ensuring genuinely robust cyber-defense. The article argued that any system reliant on information technology is now vulnerable, and even the most advanced technical solutions offer only limited assurance. 
It suggested that a combination of analogue and manual systems, often referred to as system diversity, could provide a solution. They also defined cyber resilience to mean robustness and survivability, gauged by performance and enduring availability. It also encompasses aspects of both confidentiality and integrity [59]. Linkov et al. have created a customized cyber resilience matrix derived from their original generic matrix of resilience metrics. The matrix had four stages of the event management cycle that a system must uphold to achieve resilience (Plan/Prepare, Absorb, Recover, Adapt). Finally, they concluded that the resilience matrix is a valuable diagnostic tool for organizations to identify and establish connections between system measures and the design and operation of intricate systems [60]. In his book, Hasan Cam discussed the importance of effectively managing risk and resilience in a dynamic cyber-physical system to ensure successful completion of missions. He presented a model featuring system state equations based on cyber security parameters and elaborated on leveraging the controllability and observability aspects of linear/nonlinear systems to effectively handle cyber security risk and resilience.

NIST's initial work on cyber resilience began with the publication of its Cybersecurity Framework in 2014, which provided a collection of guidelines and best practices for enhancing cyber security in diverse sectors. The framework emphasized the need for organizations to be prepared for cyber attacks, and to have the ability to detect, respond to, and recover from them [61].

Ken Allan stated that for organizations to become more secure in the complex and risky cyber ecosystem, they must undergo a cyber security journey. This journey requires activating, adapting, and anticipating to demonstrate true commitment to cyber resilience [62]. Bodeau et al. supported by MITRE (2014) highlighted the significance of cyber resiliency assessments to enhance architectural resiliency against advanced cyber threats cost-effectively. The assessment process should consider political, operational, economic, and technical constraints. They categorized the cyber resiliency domain into goals, objectives, and techniques. Goals are broad statements that define intended outcomes, objectives are more specific statements used for assessment and techniques encompass technical, operational, or governance approaches employed to achieve the objectives of cyber resiliency [63]. Fink et al. in their article discussed the challenge of defining and measuring resilience in information sciences and proposed a definition that combines concepts from mechanics of materials and queuing theory to precisely articulate the notion of resilience for information systems [64].

Fredrik Björck et al., in a conference paper, examined the foundational elements of cyber resilience and claimed that cyber resilience has gained attention and importance following the 2012 World Economic Forum gathering in Davos [65]. Björck also showed the state of cyber resilience as a subject of academic research in 2015. It revealed that only 402 articles within the Google Scholar index encompassed the term 'cyber resilience,' with a mere 21 articles featuring it in their titles. Ultimately, the paper defined cyber resilience as the ability to continuously deliver the intended outcome despite adverse cyber events [65]. The Cyber Resilience Engineering Framework (CREF) is a formal approach proposed by Yasir Imtiaz Khan and Ehab Al-Shaer to assess cyber resilience from multiple levels and perspectives. It included concepts like cyber models/programs, attack goals/properties, measuring methods, nominal resilience, tolerance threshold, and resilience evaluation graph. CREF serves as a metric to gauge the resilience of the network against expected or unexpected attacks or properties, varying knowledge and capability of the attacker, and proactive, resistive, and reactive resilience [66]. Jason Ferdinand noted that the absence of a common approach to the concept of cyber resilience has resulted in fragmented literature, hindering collaboration among public, private, and governmental entities in their endeavors to establish and uphold cyber resilience [67]. The European Union Agency for Cybersecurity (ENISA) strives to strengthen the resilience of Europe's critical information infrastructure and networks and supports EU member states in implementing relevant EU legislation. In a 2015 study, it focused on the availability, continuity, and resilience of eHealth services and infrastructures, identifying critical assets that constitute the eHealth system and presenting various use cases to study the impact of data integrity and resilience. 
The study recommended that member states and healthcare organizations establish an information-sharing mechanism to exchange knowledge and lessons learned on cyber security issues and implement widely accepted security standards to achieve interoperability [68]. MITRE (2014) has defined resilience as the extent to which a nation, organization, or mission is able to prepare for and adapt to changing conditions, and withstand and recover rapidly from deliberate attacks, accidents, or naturally occurring threats or incidents. This definition of resilience is consistent with Resilience Engineering and Operational Resilience [69]. For the purpose of updating the Cyber Resiliency Engineering Framework (CREF), cyber resiliency is the ability of cyber systems and cyber-dependent missions to anticipate, continue to operate correctly in the face of, recover from, and evolve to better adapt to advanced cyber threats. This definition, while it indicates the scope of cyber resiliency, is dependent on the terms “resilience” and “cyber” [70]. Sutanay Choudhury et al. introduced a straightforward and deterministic graph-based model that depicts the infrastructure, behavior, and missions of an enterprise, serving as a means to attain resilience against failures and attacks [71].

A study in 2016 that aimed to improve information security and resilience in hospitals, in order to enhance patient safety and prevent disruptions to smart components, emphasized the importance of cyber resilience in ensuring the availability and continuity of services in the healthcare sector. Effective enterprise governance for cyber security was recommended, and the benefits of IoT implementation were highlighted. Additionally, the study emphasized the need for hospitals to identify their assets and interconnectivity and for manufacturers to refuse built-in network capabilities to ensure safety and resilience. Moreover, a definition of cyber resilience was given as the ability of a hospital to ensure the availability and continuity of its services that rely on ICT assets [72]. Hiep Tran et al. put forth the Cyber Resilience Recovery Model (CRRM), emphasizing that the design for resilience necessitates significant investments in time, effort, and resources. The authors concluded that an effective incident response and recovery model should ideally maintain a relationship where the Recovery Rate consistently exceeds the Incident Rate at any given time t [73]. In 2016, Bodeau and Graubart, supported by MITRE, presented their observations on cyber resilience metrics, which were derived from their practical experience, collaborative workshop sessions, and extensive literature review. They noted that the role of cyber resilience in organizational resilience models is not clearly expressed, and frameworks such as the Cyber Resilience Review (CRR) and the NIST Cybersecurity Framework do not adequately cover cyber resilience [74].

Keith F. Joiner conducted a comparative analysis between Australia's Department of Defense (DoD) and the United States' DoD, examining the widening gap in cybersecurity capabilities. Joiner proposed that the Australian DoD should promptly undertake operationally focused cyber-survivability trials, leveraging its alliance with the United States as a means to bridge the divide between the two nations [75]. Ada S. Peter pointed out that there is economic advancement resulting from investments in cyber security in countries such as Egypt, Kenya, Nigeria, and Tunisia. To support this conclusion, Peter introduced a Cyber Resilience Preparedness Index to assess and contrast the cyber resilience of the leading 12 emerging economies in Africa [76]. William Arthur Conklin & Dan Shoemaker argued that achieving 100% security is not possible for enterprises because there are too many threats to ensure it. They suggested that cyber resilience should be ingrained into the foundation of the organization to prepare, detect, respond, and recover from attacks. Cyber resilience is not a defensive stance but facilitates practical survival when confronted with attacks. Additionally, they recommended investing in the development of cyber resilience, which is equivalent to investing in the long-term survival of the organization [77].

NIST published an update to the Cybersecurity Framework of 2014 (Version 1.1) in 2018 that encompasses established benchmarks, recommendations, and optimal approaches prioritizing flexibility and cost-effectiveness to foster the safeguarding and resilience of vital infrastructure and other key sectors crucial to the economy and national security. The update included an additional segment on self-assessment, elaborated guidance regarding the utilization of the Framework for managing cyber supply chain risks, improvements in the areas of authentication, authorization, and identity verification, clarification of the correlation between implementation tiers and profiles, and inclusion of measures for coordinated disclosure of vulnerabilities [78]. The Basel Committee on Banking Supervision released a report on "Cyber-resilience" in December 2018, which outlined cyber resilience practices and expectations across jurisdictions. The report highlighted four key aspects of cyber resilience: organizational governance and mindset, evaluating and preparing for risks, effective communication and sharing of information, and managing relationships with external entities. The report noted that most regulators rely on domestic or global benchmarks, such as NIST, ISO, and CPMI-IOSCO frameworks, for cyber resilience practices [79]. Jian Hua et al. examined how individuals can exhibit financial resilience in the face of cyberterrorist attacks targeting financial systems. They suggested that attacks may cause customers to alter their savings behavior by actively pursuing financial variety, potentially resulting in disruptions in business activities, liquidity, and brand image [80]. Nicholas Jacobs et al. illustrated how to measure cyber resilience for control systems and underscored the importance of cyber resilience as a supplementary component to cyber security for maintaining critical functions during an attack. The paper used a hypothetical power system model to assess the system's resilience against different attack scenarios [81]. Md Ariful Haque et al. presented an Industrial Control Systems (ICS) resilience framework developed utilizing the cyber resilience assessment model aimed at evaluating the resilience of the ICS. The evaluation of resilience encompasses the dimensions of robustness, redundancy, resourcefulness, and rapidity within the three spheres: physical, organizational, and technical [82]. As 2019 approached and transportation systems became increasingly digitalized, concern grew for the protection and well-being of these systems. The integration of various digital technologies in transportation, such as autonomous vehicles, intelligent transportation systems, and connected vehicles, has the potential to improve safety, efficiency, and sustainability of transportation, but it also creates new vulnerabilities and risks related to cyber security [83, 84].

Figure 3 provides a visual summary of the critical aspects discussed in the section on cyber resilience research from 2011 to 2019.

Fig. 3 Key takeaways from cyber resilience research (2011–2019)

Many researchers from various scientific fields tried to analyze the meaning of resilience, as it has been the target of numerous studies in recent years. Although cyber resilience is often discussed within a limited operational scope (such as information and physical domains), it is, in reality, a characteristic that pertains to the entire system. Thus, it should not only be assessed based on the interlinked operational domains but also within the context of the interrelated and interdependent cyber ecosystem [85]. Cyber resilience has a net positive impact on defense capabilities [86] and is essential for economic development, stable societies and secure defenses [87].

Cyber resilience is crucial in today's digital landscape, and it requires a proactive approach to cyber security that involves continuously improving defenses and response capabilities. While organizations have implemented various cyber security measures, cyber attacks continue to be a significant threat to businesses, governments, and individuals. Cyber resilience focuses on maintaining essential functions and quick recovery from cyber incidents, and achieving it requires activating, adapting, and anticipating. The absence of a standardized approach to cyber resilience has hindered cooperation among stakeholders from public, private, and governmental sectors. MITRE Corporation's Cyber Resiliency Engineering Framework and the World Economic Forum's Principles for Cyber Resilience are formal approaches that provide guidelines for organizations to enhance cyber resilience. Additionally, defining and measuring resilience in cyber systems is a subject of study that requires further advancement, as mentioned in most of the papers. The proposed Cyber Resilience Recovery Model is a model for responding to and recovering from incidents that emphasizes the significance of the recovery rate being greater than the incident rate to achieve cyber resilience.

There were significant advancements in the development of models, protection software, modeling and simulation toolkits, and methodologies to address the challenge of ensuring cyber resilience. It was mentioned that response time is of paramount importance in maintaining cyber resilience. Additionally, the use of human intervention through system diversity, such as the combination of analog and manual systems for IT system assurance, has been highlighted. Guidelines for program development were suggested, which included general definitions of the system's ability to operate safely and deliver the intended results continuously. Moreover, definitions of key terms such as anticipate, withstand, recover, evolve, resist, tolerate, respond, detect, robustness, survivability, confidentiality, integrity, plan, prepare, absorb, adapt, and continuity were mapped out.

The issue of cyber resilience gained significant attention as a national security concern, with calls for leadership to develop standards and to present governance and culture as a dimension of cyber resilience. Cyber resilience was categorized into stages, goals, objectives, and techniques, although there is still a lack of a common approach to the topic, which may result in fragmented literature. Approaches to the topic of cyber resilience have also been made by European organizations, and it has been suggested to create an information exchange mechanism to exchange views and approach the problem. There have also been investments in African countries. In addition, a proposed cyber resilience assessment model aimed to align resilience with both engineering and operational practices, and a cyber resilience assessment model has been proposed for an industrial resilience framework. Several cyber resilience cases were studied in various sectors, including healthcare (hospitals), financial institutions, supply chains, SMEs, intelligent transport systems, and the use of digital processing in ship and aircraft systems. Within the realm of IoT and Industry 4.0, cyber resilience is gaining importance due to the increased reliance on interconnected devices and systems. These devices are frequently linked to the internet, rendering them susceptible to cybersecurity risks.

4.4 Exploring the conceptual framework of cyber resilience

Cyber resilience can be viewed as a form of economic resilience that focuses on mitigating the following: (a) minimizing supply-side disruptions to cyber products and services, thereby reducing the impact on downstream customers and the cyber sector's own suppliers, and (b) minimizing the losses experienced by customers due to cyber disruptions, which subsequently reduces losses throughout the supply chain [88].

MITRE has updated its definition of cyber resilience to align with NIST's definition, reflecting a convergence of views between the two organizations. According to their updated definition, cyber resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources [89]. The Law Insider dictionary, drawing on two documents, gave a definition of cyber resilience only in 2022: the ability of a financial institution to continue to carry out its mission by anticipating and adapting to cyber threats and other relevant changes in the environment and by withstanding, containing and rapidly recovering from cyber incidents [90]. The term cyber resilience is not defined in the Merriam-Webster and Oxford dictionaries, while a definition of cyber security is available. As mentioned above, resilience is defined on its own. The extraordinary magnitude and complexity of cyber attacks have highlighted the dynamic nature of cyber resilience. It has become apparent that the strategies employed in the past to protect and uphold the IT infrastructure of the NATO Alliance might not suffice in the future [91].

Based on the analysis of various publications and definitions of cyber resilience, it is evident that a universally accepted and consistent definition of the term is yet to emerge. A total of 19 different definitions were found from various organizations and scientific papers, with only a few organizations attempting to attribute a different interpretation (Table 1). It is noteworthy that the majority of organizations rely on the definition given by the National Institute of Standards and Technology (NIST), which is the most widespread and frequently used definition. Despite the absence of a concise and unambiguous definition, the differentiation of concepts offers the possibility of drawing conclusions about the role and utility of cyber resilience. However, a significant amount of confusion was observed due to cases where the term is subject to modifications over time, even by the same organization. Having a precise definition of cyber resilience is imperative, as it plays a vital role in safeguarding and fortifying crucial infrastructure, systems, and data in the era of digitalization. Having multiple definitions of cyber resilience can create confusion and inconsistencies in its interpretation, leading to inadequate protection of critical systems and data. It is, therefore, essential to have a clear and consistent definition that can be widely accepted and applied, while also allowing for adaptations to suit specific requirements. A clear definition of cyber resilience can help organizations and governments develop effective strategies for managing cyber risks, protecting critical infrastructure and systems, and maintaining business continuity. It can also facilitate better communication and collaboration among stakeholders and contribute to the development of international standards and best practices. However, while it would be ideal to have a universally recognized definition of cyber resilience, it may not be necessary to have only one definition. This is because the notion of cyber resilience can find application across diverse contexts and industries, and the definition may need to be adapted to suit specific requirements.

Table 1 Definitions of cyber resilience

After evaluating all the definitions provided, one possible definition of cyber resilience is the definition provided by ASIC in 2019 [97], which states that "cyber resilience is the capacity of an organization to prepare for, respond to, and recover from cybersecurity events". However, it is worth noting that the organization itself produced a new definition in 2023 [103]. This definition emphasizes the significance of being proactive in preparing for potential cyber threats, as well as the ability to respond and recover quickly in case of a cyber incident. Moreover, it suggests that cyber resilience is an essential part of overall organizational resilience, as cyber attacks can have a severe impact on business continuity and productivity. In the realm of cyber resilience, key terms such as "defense" and "recover" emerge prominently, as discerned from an analysis of pertinent literature and research papers in the field. This insight is visually conveyed in Fig. 4.

Fig. 4 Graphical representation of common words that describe resilience

There is an objection to the use of the term "capacity", but this will be analyzed below. Although there seems to be a good understanding of the concept of cyber resilience, the given definitions vary. While the etymology of the words used presents both similarities and differences, the correlation of the semantic structure of the words defining resilience aims to present and clarify the notion of the concept of cyber resilience in a simple and understandable way.

Cyber resilience is defined as the ability, capability, or capacity of a system (computer or network). Although these terms are closely related, they each highlight different meanings. A system is called resilient when it is able to recover from a problem or failure. This means that the system must have the skills to address the problem, even if it does not do so immediately. The goal is to develop the system's skills to achieve resilience. In this sense, the term "ability," which refers to having skills or intelligence, is appropriate. As capacity refers to the maximum amount that a system can hold or handle, it is not necessarily directly related to resilience. Capability, on the other hand, refers to the ability of something to perform a difficult or challenging task. When applied to the domain of cyber resilience, capability may indicate the system's aptitude to endure intricate cyber attacks or to rapidly recuperate from a significant system breakdown. A system with robust capability can manage these obstacles proficiently and preserve its operability. From among the three terms, the use of the word "ability" has become prevalent without evidence of its use. While "ability" may seem to be a shorter and more palatable word, "capability" may be the most appropriate term to describe the system's ability to perform difficult or challenging tasks related to resilience. Considering the usage of cyber resilience, we suggest using another word that is more familiar to define the concept of cyber resilience. This word is "adaptability". According to dictionaries, "adaptability" refers to the ability or willingness to change in order to suit different conditions, the capability of being or becoming adapted or the characteristic of being capable of transformation or undergoing modifications to effectively navigate unfamiliar circumstances [104,105,106]. The first known use of "adaptability" was in 1692 [104]. Across commonly accepted definitions, "adaptability" is consistently depicted as the capability to flexibly adjust or be altered to conform to changed circumstances. In the realm of IT systems, "adaptability" signifies the ability of a system to undergo changes that align it with its evolving environment [107]. "Adaptability" is a more suitable term than "ability" or "capability" to describe the concept of cyber resilience, as it refers to a system's ability to change and respond to new or evolving conditions. In the context of cyber security, this means that a resilient system must be capable of adapting to emerging threats and risks.

Recovery, on the other hand, is about restoring systems and processes to normal functioning, while business continuity is about ensuring that essential business operations can continue during and after a disruption. However, words such as adaptation, response, preparation, detection, and mitigation are also associated with cyber resilience. The use of the word “protection” conflicts with the definition of cyber security as reflected in the previous section. For this reason, the comparison between cyber resilience and cyber security will be analyzed below.

5 Cyber security and cyber resilience: understanding the distinction

Cyber security and cyber resilience are two concepts that, while quite close, are certainly not identical. Cyber security revolves around responding, while cyber resilience revolves around proactively anticipating [12]. While cybersecurity holds significant strategic value, there may be an inadequate foundation to ensure overall resilience. Existing governance systems for cyber defense lack efficacy, as numerous resilience-contributing functions fall under private ownership. The expanding presence of privately controlled critical national infrastructure exacerbates the tension between collaboration and confidentiality. The amalgamation of technology and the dispersion of responsibilities and expertise pose challenges to the resilience of cyberspace [59].

Fredrik Björck et al. conducted a study exploring the notion of organizational cyber resilience. They delved into the fundamental characteristics of cyber resilience, highlighting the distinctions between cyber resilience and its closely related counterpart, cyber security. In their analysis, they contrasted cyber resilience with cyber security based on five aspects: objective, intention, approach, architecture, and scope. Each of these aspects revealed variances in how resilience and security are approached. Their findings indicate that cyber resilience is primarily oriented toward business objectives, with the objective of consistently achieving desired business outcomes even in the face of adverse cyber events [65]. MITRE Corporation highlighted the growing significance of cyber resiliency as a crucial element of a comprehensive defense strategy. Unlike cyber security, which primarily aims to prevent adversaries from breaching systems, cyber resiliency acknowledges the challenges posed by sophisticated adversaries. It operates on the assumption that determined adversaries cannot be easily deterred. In the event of a successful attack stemming from persistent threats, organizations must ensure the continuity of their critical functions despite these adverse circumstances [92].

According to the ITU-T's Technical Report on Smart Sustainable Cities, the resilience of information and communications technology (ICT) systems is associated with a set of attributes that can be linked to security in the following manner:

  • Robustness and the capacity to sustain performance and operations even when faced with a cyber-attack or other disruptive incidents (e.g., natural disasters).

  • Redundancy of system components enabling the system to recover operations within a defined timeframe, in case of sudden, partial, or complete interruptions.

  • Flexibility and adaptability to changing circumstances, including the ability of the systems to proactively address future threats by rectifying underlying issues that led to the incident or occurred during an incident [108].

In 2017, William Arthur Conklin et al. attempted to compare cyber resilience with cyber security and concluded that organizations must amalgamate the concepts of cyber security and cyber resilience into a single strategy to effectively prevent the inevitable digital Pearl Harbor [109].

A study conducted by Darko Galinec and William Steingartner aimed to explore strategies, processes, and approaches for achieving cyber resilience in the face of emerging security risks. The investigation also sought to elucidate the interrelationships among cyber security, information security, operational technology (OT) security, IT security, and other associated disciplines and practices, such as cyber defense. The findings emphasized that resilience should not be equated with "recovery" alone. Rather, it is a long-term, ongoing process that should be integrated into the broader business or organizational strategy. In the context of cyber events, resilience refers to an organization's preparations regarding threats and vulnerabilities, the development of defensive measures, and the availability of resources to mitigate security failures when they occur. The notion of normalization is critical, treating cyber risk as akin to any other risk that organizations must address in order to achieve their objectives [110]. William Arthur Conklin and Dan Shoemaker suggested that cyber resilience is a broader security approach than cyber security, with the goal of ensuring continuous functioning of an organization's core operations in the event of a security breakdown. The two approaches are important and ideally work together to create a secure organization. Cyber resilience involves changing enterprise architecture to build in greater resiliency, assessing and improving an organization's ability to minimize harm and recover from incidents, and is an incremental strategic development process that involves phasing in requisite capabilities into existing enterprise processes [77].

According to Vittorio Vitello, the rise of cyber resilience can be attributed to the recognition that, despite having various defenses in place, organizations still face a probability of experiencing attacks. As a result, cyber security and cyber resilience are distinct yet interconnected concepts that work together symbiotically. Many companies continue to treat them as separate but interrelated solutions, often creating separate policy frameworks and strategies for cyber security and resilience. However, there is greater value in integrating cyber security as an integral component of an overarching cyber resilience approach [111].

The NIST Cyber Resiliency Engineering Framework stands apart from the NIST Cybersecurity Framework, presenting a comprehensive set of constructs designed specifically for cyber resilience. These constructs encompass goals, objectives, techniques, approaches, and design principles, offering organizations a robust foundation to enhance their ability to anticipate, withstand, recover from, and adapt to adverse conditions, including cybersecurity threats.

Within the context of the NIST Cybersecurity Framework, while terms like "Anticipate," "Withstand," "Recover," and "Adapt" aren't explicitly labeled as functions, the framework's core functions—Identify, Protect, Detect, Respond, and Recover—inherently contribute to the broader goal of building cyber resilience. In Fig. 5, the NIST Cybersecurity Framework is dissected, spotlighting the contributions of each function to organizational resilience.

Fig. 5 Enhancing resilience: NIST cybersecurity framework's impact

Although the NIST Cybersecurity Framework serves as a foundational tool for addressing specific cybersecurity challenges, the broader concept of cyber resilience goes beyond its functions. It encompasses not only securing systems and data but also preparing for, recovering from, and adapting to a wide spectrum of challenges, including but not limited to cyber threats. Organizations are urged to integrate principles from both the NIST Cybersecurity Framework and other resilience frameworks. This integration facilitates the development of a comprehensive and holistic approach to cybersecurity and resilience, enhancing organizations' overall ability to navigate and withstand disruptions in the dynamic cyber landscape.

Exploring the nuances of terminology, cyber resilience is consistently spelled as two words, while the spelling of cyber security can vary between cyber security and cybersecurity. As for the terms resilience and resiliency, both are correct and can be used interchangeably. According to Grammarist (an E-learning platform), in modern English, the term resilience is more commonly used than resiliency, especially outside of the U.S. and Canada. While both terms are considered correct and can be used interchangeably, resilience is the preferred spelling in most parts of the world. This preference is reflected in the usage of the term in academic literature, professional writing, and everyday language. Therefore, when discussing the concept of cyber resilience, it is more appropriate to use the spelling "resilience" rather than "resiliency". Resilience is considerably more prevalent in North American publications, appearing approximately four times as frequently as resiliency. On the other hand, outside of North America, the usage of resiliency is infrequent and less common [112]. An extensive search of the available literature found no other comparative reports between cyber resilience and cyber security. Cyber resilience and cyber security are related concepts, but they have different goals and approaches. While both cyber security and cyber resilience are important for organizations, they have different objectives and require different strategies and measures. Gaining insight into the distinctions between the two is crucial for organizations to develop a comprehensive cyber strategy that includes both cyber security and cyber resilience.

6 Current state and future of cyber resilience

The exploration of the evolution of the concept of cyber resilience is crucial for understanding its consistency over time. Given the rapid advancements in technologies, cyber threats, and challenges in the cyberspace domain, the term "cyber resilience" can be interpreted in various ways. This research allows monitoring changes in the understanding, scope, and requirements related to cyber resilience and assessing how these changes impact the broader strategy and management of cyber security. Furthermore, this study enables us to identify potential common factors or trends that persist in the concept of cyber resilience over time. In this way, we enhance our understanding of how perceptions of this significant concept evolve.

It is essential to observe this continually changing landscape, recognizing that legislative requirements concerning cybersecurity are susceptible to changes over time. The ability for continuous awareness and swift adaptation to these dynamic changes is crucial, serving as a fundamental aspect not only for ensuring compliance with emerging rules and regulations but also for shaping strategies that enhance and promote cyber resilience. Understanding the latest developments in the field of cyber resilience enables organizations to equip their personnel with the necessary knowledge to recognize and address new threats in the cyber domain. Moreover, such understanding serves as the foundation for creating frameworks that facilitate the adoption of best security practices. In reality, this strategic understanding contributes to cultivating an organizational environment that not only adeptly responds to immediate challenges but also fosters a culture of long-term cyber security. By comprehending these developments, we can adapt to new conditions and develop effective strategies to address cyber threats.

6.1 Current state of cyber resilience and its role in modern cyber security strategies

In recent discussions on cyber security, the concept of cyber resilience has gained significant attention and popularity, primarily due to its elusive nature, making it challenging to precisely define and quantify [113]. Technology is characterized by constant evolution and the initiation of more and more people worldwide. As cyberinfrastructure becomes more prevalent and e-Science initiatives gain traction, the scientific landscape is undergoing globalization, resulting in decreased entry barriers and the formation of open and interconnected innovation communities on a global scale [114]. A significant number of manufacturing supply chains exhibit lower levels of automation or have processes that can sustain operations through manual intervention, even in the absence of internet connectivity. This inherent characteristic allows them to demonstrate remarkable resilience in the face of internet disruptions [34]. Most often, cyber resilience fluctuations are caused by power grid maintenance, which are described in the scientific literature as targeted events resulting from political decisions of countries against economic or political interests. Abundant reports and widespread media coverage emphasize the pressing need to enhance the resilience of our power grid [115]. The ramifications of such interdependencies, particularly when IT systems lack adequate security measures, are significant. The failure or complete breakdown of public energy grids, banking systems, supply chains, or public administration can result in substantial economic harm and have a profound impact on entire nations [116].

The uninterrupted operation of data centers encounters obstacles from skilled cyber adversaries and sporadic occurrences of natural calamities [117]. Catastrophic events like natural disasters or acts of terrorism can have severe impacts on both public and private communication networks, jeopardizing critical functions they support [118]. There are many examples of disruptions that caused difficulties in cyberspace, such as the COVID-19 pandemic and the war between Ukraine and Russia. Therefore, it is crucial to adopt a different mindset and implement appropriate measures to effectively govern the evolving cyber risk landscape, aiming to prevent major incidents [119].

6.2 Impact of the COVID-19 pandemic outbreak on cyber resilience

The COVID-19 pandemic has led to an increase in cyber threats and attacks, which has highlighted the need for cyber resilience. Cyber resilience has been important for individuals and organizations to protect against, detect, and respond to cyber threats during the pandemic. However, the outbreak of COVID-19 did not cause the outbreak of cyber resilience. Cyber resilience has always been important in protecting against cyber threats, and the pandemic has only emphasized its importance. Many insurance companies worldwide have developed strategies to provide cyber protection in response to this trend. In Europe, the issue of resilience has received increased attention at a strategic level in recent years, including the publication of cyber security best practice guides aimed at the private and public sector by ENISA.

A Scopus search of the terms “resilience AND Covid” yielded 5,765 document results as of March 2022. The increase in the number of papers is evident, as there were 1,280 papers found in 2020, and the number doubled in 2021. The initial results suggest that Covid has an impact on resilience [120]. Future research on the impact of cyber resilience in the Covid era could focus on several key areas. Firstly, it would be valuable to explore the effectiveness of existing cyber resilience strategies in protecting against new and emerging cyber threats that have arisen during the pandemic. Additionally, research could investigate how the increased reliance on remote work and digital communication has affected cyber resilience, and identify new challenges and opportunities for enhancing cyber resilience in this context.

Another important area of study would be to assess the long-term impact of the Covid-19 pandemic on the cyber security landscape, and how this will influence the development of cyber resilience strategies in the future. Long-term security encompasses measures that guarantee the sustained functioning and resilience of digital systems in the face of evolving challenges. This could include exploring how the pandemic has shifted the priorities of organizations and individuals with respect to cyber security, and how these changes may influence the adoption of new technologies and best practices for cyber resilience.

Finally, future research could focus on identifying and addressing gaps in cyber resilience knowledge and training, particularly for individuals who may be less familiar with digital technologies and cyber security best practices. This could involve developing new training programs or resources to enhance cyber resilience among vulnerable populations, such as small businesses or low-income individuals who may be at greater risk of cyber threats during the pandemic. Overall, future research on the impact of cyber resilience in the Covid era has the potential to significantly advance our understanding of this critical aspect of cyber security and inform the development of effective strategies for protecting against cyber threats in the future. As the field of study has likely undergone significant changes beyond this point, our research lays the groundwork for examining a crucial period leading up to this juncture. This initial study provides a valuable foundation for investigating a period of serendipity within the context of the developments in cyber resilience.

6.3 Conclusion: lessons learned and implications for future research

The meaning of cyber resilience is flexible and multidimensional. Many assessments of the concept have been made, but it still remains unclear without convergence of interpretations. However, the collection of different definitions of cyber resilience that have been given over the years is the basis for accepting the existence of the term and its usefulness. In reality, security and resilience are largely distinct from each other. The actions associated with "security" focus on fortification and containment, while those related to "resilience" emphasize adaptability and continuity [121].

The need for cyber resilience began to emerge as the use of computers and networks became more widespread and critical to personal and organizational activities. As more sensitive information and assets were stored and transmitted online, the risk of cyber attacks increased. This led to a recognition of the need for better protection against such attacks and the ability to quickly recover from them. The frequency and sophistication of cyber attacks have continued to grow, and the significance of cyber resilience continues to grow for individuals, enterprises, and governing bodies. The growing dependence on technology in every facet of existence has further highlighted the need for robust cyber resilience strategies that can help organizations withstand and recover from cyber attacks, data breaches, and other security incidents. In brief, the evolution of cyber resilience is proportional to the acceleration of digital transformation. With the expanding integration and pervasive presence of technology and digital systems in our daily lives, the risk of cyber attacks grows in tandem. Therefore, it is crucial for organizations to continually improve their cyber resilience measures in order to keep pace with the rapid advancement of technology and the evolving threat landscape.

Cyber security refers to the practice of protecting individuals and society from cyber threats through a range of technologies and practices, including firewalls, antivirus software, encryption, and access controls. Cyber security also involves policies, procedures, and best practices designed to prevent, detect, and respond to cyber attacks. Cyber resilience, on the other hand, refers to the capability of an organization or system to endure and adjust to unfavorable cyber events, such as cyber attacks, data breaches, and system failures. It is a holistic approach to cyber security that recognizes that security incidents are inevitable, and focuses on building the organization's ability to withstand and bounce back from these incidents, rather than solely preventing them. At present, cyber security and cyber resilience are issues of growing importance and urgency.

The study of the evolution of cyber resilience found that organizations that prioritize cyber resilience and adopt a proactive approach to cyber security are more likely to maintain essential functions and recover quickly from cyber incidents. Further investigation is advised to delve deeper into the subject matter and investigate the contribution of national organizations in the evolution and advancement of cyber resilience. It has come to light that the term cyber resilience was first used in 2005 by a government organization. This marked a defining moment as the term cyber resilience gained prominence and formal acknowledgment, signifying its emergence as a crucial concept. The research identified the key themes and findings that have emerged from cyber resilience research from 2010 to 2019, exploring novel approaches, techniques, and technological advancements, as well as establishing fundamental principles to enhance cyber resilience and the challenges of defining and measuring resilience in cyber systems. The study also highlighted the need for further research and development in resilience metrics to adequately represent the resilience of a system. The findings indicate that organizations that employ a cyber resilience approach are more adept at adjusting to shifting circumstances and have a greater capacity to endure and swiftly recover from deliberate attacks, unforeseen accidents, or naturally arising threats or incidents. As the research years in the field of cyber resilience roll on, there is a strong approach from different aspects on the topic, broadening the conceptual framework of cyber resilience quite a bit. The documents are continuously proliferating, making it difficult to present them in an attempt to capture the historical evolution of the field. By the time of the Covid-19 pandemic outbreak, the use of the term cyber resilience and its necessity in the functioning of an evolving society had already been established. Upon analyzing the lexicon surrounding cyber resilience over the years, "recover" appears to have been the most frequently utilized term. However, after examining the various definitions attributed to the concept, if we were to select a singular word to embody cyber resilience, "adaptability" would best encapsulate its essence. This is because it accurately reflects the ability of an organization or system to adapt and respond to changing circumstances and overcome cyber attacks or failures. Cyber resilience involves not just defending against attacks, but also being able to recover, learn, and evolve from them. By this period, there is still no common definition of space that has emerged. Despite being present in global dictionaries, the term has yet to be defined in its entirety, with existing entries only offering interpretations of individual words rather than a comprehensive definition.