EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Cyber resilience quantification: A probabilistic estimation model for IT infrastructure

Saleh Mohammed Alhidaifi, Muhammad Rizwan Asghar and Imran Shafique Ansari

Reliability Engineering and System Safety, 2026, vol. 265, issue PB

Abstract: In today’s digital landscape, ensuring IT infrastructure resilience against increasingly frequent and sophisticated cyber-attacks is a critical priority. Cyber resilience is the ability of a system or organisation to anticipate and recover from cyber-attacks. Effective cyber resilience quantification enables systematic analysis and comparison of IT infrastructures. Cyber resilience involves resisting and recovering from cyber-attacks. Cyber resilience refers to the ability of a system to absorb, recover from, and adapt to cyber-attacks. However, existing approaches often fail to integrate dynamic probabilistic assessment methods that capture resilience fluctuations over time. This study introduces the Probabilistic Estimation-based Quantification Model for Cyber Resilience (PEQCRM), a novel framework that enhances cyber resilience measurement and strategic decision-making. The proposed model incorporates Resilience Curves (RC) and the Area Under the Curve (AUC) methodology to quantify resilience over attack and recovery phases. Additionally, it expands traditional resilience assessment by integrating cyber resilience strategies as key influencing factors. The PEQCRM model is evaluated through extensive simulations to assess its effectiveness in real-world cybersecurity scenarios. Findings reveal that different resilience strategies exhibit varying adoption, absorption, and recovery effectiveness levels. This study evaluates the extent to which a strategy can mitigate initial attack impact and adoption for the extent to which organisations implement and sustain strategy levels of four different cyber resilience strategies. Specifically, the pre-configuration strategy demonstrates the highest level of preparedness and adoption, while the buffering-supported strategy has the lowest absorption level. The managing complexity strategy achieves the highest absorption level, whereas the mesh topology strategy exhibits strong recovery capabilities and adoption rates.

Keywords: Cyber resilience; Cybersecurity; Cyber-attacks; Probabilistic estimation model; And resilience curve (search for similar items in EconPapers)
Date: 2026
References: Add references at CitEc
Citations:

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S0951832025006738
Full text for ScienceDirect subscribers only

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eee:reensy:v:265:y:2026:i:pb:s0951832025006738

DOI: 10.1016/j.ress.2025.111473

Access Statistics for this article

Reliability Engineering and System Safety is currently edited by Carlos Guedes Soares

More articles in Reliability Engineering and System Safety from Elsevier
Bibliographic data for series maintained by Catherine Liu ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-09-30
Handle: RePEc:eee:reensy:v:265:y:2026:i:pb:s0951832025006738