{"id":"https://openalex.org/W4414427384","doi":"https://doi.org/10.3390/systems13100835","title":"How Does AI Transform Cyber Risk Management?","display_name":"How Does AI Transform Cyber Risk Management?","publication_year":2025,"publication_date":"2025-09-23","ids":{"openalex":"https://openalex.org/W4414427384","doi":"https://doi.org/10.3390/systems13100835"},"language":"en","primary_location":{"id":"doi:10.3390/systems13100835","is_oa":true,"landing_page_url":"https://doi.org/10.3390/systems13100835","pdf_url":"https://www.mdpi.com/2079-8954/13/10/835/pdf?version=1758698064","source":{"id":"https://openalex.org/S4210219410","display_name":"Systems","issn_l":"2079-8954","issn":["2079-8954"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2079-8954/13/10/835/pdf?version=1758698064","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015188203","display_name":"Sander Zeijlemaker","orcid":"https://orcid.org/0000-0002-2697-5207"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sander Zeijlemaker","raw_affiliation_strings":["Cyber Security at MIT Sloan, Sloan School of Management, Massachusetts Institute of Technology, 245 First St., E94-1567, Cambridge, MA 02142, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Security at MIT Sloan, Sloan School of Management, Massachusetts Institute of Technology, 245 First St., E94-1567, Cambridge, MA 02142, USA","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119702494","display_name":"Yaphet K. Lemiesa","orcid":null},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yaphet K. Lemiesa","raw_affiliation_strings":["Cyber Security at MIT Sloan, Sloan School of Management, Massachusetts Institute of Technology, 245 First St., E94-1567, Cambridge, MA 02142, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Security at MIT Sloan, Sloan School of Management, Massachusetts Institute of Technology, 245 First St., E94-1567, Cambridge, MA 02142, USA","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114761514","display_name":"Saskia Laura Schr\u00f6er","orcid":"https://orcid.org/0000-0002-2952-5228"},"institutions":[{"id":"https://openalex.org/I184656255","display_name":"University of Liechtenstein","ror":"https://ror.org/01qjrx392","country_code":"LI","type":"education","lineage":["https://openalex.org/I184656255"]}],"countries":["LI"],"is_corresponding":false,"raw_author_name":"Saskia Laura Schr\u00f6er","raw_affiliation_strings":["Data and Application Security, University of Liechtenstein, F\u00fcrst-Franz-Josef-Strasse, 9490 Vaduz, Liechtenstein"],"raw_orcid":"https://orcid.org/0000-0002-2952-5228","affiliations":[{"raw_affiliation_string":"Data and Application Security, University of Liechtenstein, F\u00fcrst-Franz-Josef-Strasse, 9490 Vaduz, Liechtenstein","institution_ids":["https://openalex.org/I184656255"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053272015","display_name":"Abhishta Abhishta","orcid":"https://orcid.org/0000-0001-7122-3103"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Abhishta Abhishta","raw_affiliation_strings":["Industrial Engineering and Business Information Systems, University of Twente, Ravelijn (Building No. 10), Room 3351, Hallenweg 17, 7522 NH Enschede, The Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Industrial Engineering and Business Information Systems, University of Twente, Ravelijn (Building No. 10), Room 3351, Hallenweg 17, 7522 NH Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077262186","display_name":"Michael Siegel","orcid":"https://orcid.org/0000-0002-2573-9616"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Siegel","raw_affiliation_strings":["Cyber Security at MIT Sloan, Sloan School of Management, Massachusetts Institute of Technology, 245 First St., E94-1567, Cambridge, MA 02142, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Security at MIT Sloan, Sloan School of Management, Massachusetts Institute of Technology, 245 First St., E94-1567, Cambridge, MA 02142, USA","institution_ids":["https://openalex.org/I63966007"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5015188203"],"corresponding_institution_ids":["https://openalex.org/I63966007"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":1.7657,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.8839536,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"13","issue":"10","first_page":"835","last_page":"835"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.6739000082015991,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.6739000082015991,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.5085999965667725},{"id":"https://openalex.org/keywords/principal","display_name":"Principal (computer security)","score":0.445499986410141},{"id":"https://openalex.org/keywords/systemic-risk","display_name":"Systemic risk","score":0.44029998779296875},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.3977000117301941},{"id":"https://openalex.org/keywords/cyberwarfare","display_name":"Cyberwarfare","score":0.3840000033378601},{"id":"https://openalex.org/keywords/deception","display_name":"Deception","score":0.3488999903202057},{"id":"https://openalex.org/keywords/boosting","display_name":"Boosting (machine learning)","score":0.33009999990463257}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6276000142097473},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.5085999965667725},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4681999981403351},{"id":"https://openalex.org/C144559511","wikidata":"https://www.wikidata.org/wiki/Q2986279","display_name":"Principal (computer security)","level":2,"score":0.445499986410141},{"id":"https://openalex.org/C144587487","wikidata":"https://www.wikidata.org/wiki/Q1369234","display_name":"Systemic risk","level":3,"score":0.44029998779296875},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.3977000117301941},{"id":"https://openalex.org/C171769113","wikidata":"https://www.wikidata.org/wiki/Q849340","display_name":"Cyberwarfare","level":2,"score":0.3840000033378601},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3831000030040741},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.35030001401901245},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.3488999903202057},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.33889999985694885},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.33009999990463257},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3181000053882599},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.311599999666214},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.3091000020503998},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.2874000072479248},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.28519999980926514},{"id":"https://openalex.org/C21883318","wikidata":"https://www.wikidata.org/wiki/Q2297847","display_name":"Deliverable","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C203133693","wikidata":"https://www.wikidata.org/wiki/Q7283","display_name":"Terrorism","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C127627568","wikidata":"https://www.wikidata.org/wiki/Q1639361","display_name":"Sociotechnical system","level":2,"score":0.25760000944137573},{"id":"https://openalex.org/C2780851881","wikidata":"https://www.wikidata.org/wiki/Q1141276","display_name":"Crisis management","level":2,"score":0.25760000944137573}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.3390/systems13100835","is_oa":true,"landing_page_url":"https://doi.org/10.3390/systems13100835","pdf_url":"https://www.mdpi.com/2079-8954/13/10/835/pdf?version=1758698064","source":{"id":"https://openalex.org/S4210219410","display_name":"Systems","issn_l":"2079-8954","issn":["2079-8954"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Systems","raw_type":"journal-article"},{"id":"pmh:oai:ris.utwente.nl:openaire/98afbf0e-12c6-4a56-9b04-282471f2d594","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/98afbf0e-12c6-4a56-9b04-282471f2d594","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Zeijlemaker, S, Lemiesa, Y K, Schr\u00f6er, S L, Abhishta, A & Siegel, M 2025, 'How Does AI Transform Cyber Risk Management?', Systems, vol. 13, no. 10, 835. https://doi.org/10.3390/systems13100835","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:doaj.org/article:383b2f0c658a4023960658935ff3be21","is_oa":true,"landing_page_url":"https://doaj.org/article/383b2f0c658a4023960658935ff3be21","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Systems, Vol 13, Iss 10, p 835 (2025)","raw_type":"article"},{"id":"pmh:oai:dspace.mit.edu:1721.1/164015","is_oa":true,"landing_page_url":"https://hdl.handle.net/1721.1/164015","pdf_url":null,"source":{"id":"https://openalex.org/S4306400425","display_name":"DSpace@MIT (Massachusetts Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I63966007","host_organization_name":"Massachusetts Institute of Technology","host_organization_lineage":["https://openalex.org/I63966007"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Multidisciplinary Digital Publishing Institute","raw_type":"http://purl.org/eprint/type/JournalArticle"}],"best_oa_location":{"id":"doi:10.3390/systems13100835","is_oa":true,"landing_page_url":"https://doi.org/10.3390/systems13100835","pdf_url":"https://www.mdpi.com/2079-8954/13/10/835/pdf?version=1758698064","source":{"id":"https://openalex.org/S4210219410","display_name":"Systems","issn_l":"2079-8954","issn":["2079-8954"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414427384.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Digital":[0],"transformation":[1],"embeds":[2],"smart":[3],"cities,":[4],"e-health,":[5],"and":[6,18,23,26,88,90,128,157,171,183],"Industry":[7],"4.0":[8],"into":[9],"critical":[10],"infrastructures,":[11],"thereby":[12],"increasing":[13],"reliance":[14],"on":[15],"digital":[16],"systems":[17],"exposure":[19],"to":[20,145,165,191],"cyber":[21,41,75,140,194],"threats":[22],"boosting":[24],"complexity":[25],"dependency.":[27],"Research":[28],"involving":[29],"over":[30],"200":[31],"executives":[32],"reveals":[33],"that":[34,112,122,153],"under":[35],"rising":[36],"complexity,":[37],"only":[38],"15%":[39],"of":[40,57,96],"risk":[42,76,141,195],"investments":[43],"are":[44],"effective,":[45],"leaving":[46],"most":[47],"organizations":[48],"misaligned":[49],"or":[50],"vulnerable.":[51],"In":[52],"this":[53],"context,":[54],"the":[55,97],"role":[56],"artificial":[58],"intelligence":[59],"(AI)":[60],"in":[61,74,168],"cybersecurity":[62],"requires":[63],"systemic":[64,72,159,179],"scrutiny.":[65],"This":[66],"study":[67],"analyzes":[68],"how":[69],"AI":[70,133,154],"reshapes":[71],"structures":[73,111],"management":[77,196],"through":[78],"a":[79,91,184],"multi-method":[80],"approach:":[81],"literature":[82],"review,":[83],"expert":[84],"workshops":[85],"with":[86],"practitioners":[87],"policymakers,":[89],"structured":[92],"kill":[93],"chain":[94],"analysis":[95],"Colonial":[98],"Pipeline":[99],"attack.":[100],"The":[101,149,161],"findings":[102],"reveal":[103],"three":[104],"new":[105],"feedback":[106],"loops:":[107],"(1)":[108],"deceptive":[109],"defense":[110],"misdirect":[113],"adversaries":[114],"while":[115],"protecting":[116],"assets,":[117],"(2)":[118],"two-step":[119],"success-to-success":[120],"attacks":[121],"disable":[123],"defenses":[124],"before":[125],"targeting":[126],"infrastructure,":[127],"(3)":[129],"autonomous":[130],"proliferation":[131],"when":[132],"applications":[134],"go":[135],"rogue.":[136],"These":[137],"dynamics":[138],"shift":[139],"from":[142],"linear":[143],"patterns":[144],"adaptive,":[146],"compounding":[147],"interactions.":[148],"principal":[150],"conclusion":[151],"is":[152,164],"both":[155],"amplifies":[156],"mitigates":[158],"risk.":[160],"core":[162],"recommendation":[163],"institutionalize":[166],"deception":[167],"security":[169],"standards":[170],"address":[172],"drifting":[173],"AI-powered":[174],"systems.":[175],"Deliverables":[176],"include":[177],"validated":[178],"structures,":[180],"policy":[181],"options,":[182],"foundation":[185],"for":[186],"creating":[187],"future":[188],"simulation":[189],"models":[190],"support":[192],"strategic":[193],"investment.":[197]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}