Cyber Security Maturity Assessment Framework for Technology Startups: A Systematic Literature Review

Abstract

Cybersecurity has gained increasing interest among firms of different sizes and industries due to the significant rise of cyber-attacks over time. Technology start-ups are particularly vulnerable to cyber-attacks, as appropriate security measures cannot be executed due to their limited human capital and financial resources to quantify cyber risks and allocate appropriate investments to cyber security. Focusing on technology start-ups, this study conducted a systematic literature review on cyber security maturity assessment frameworks. This study addressed five research questions on the existing cyber security maturity assessment frameworks in various industries, the target for implementation, cyber security maturity level, and shared control domains of these frameworks, and the quantification of the return of cyber security investments. Referring to the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) checklist, a detailed analysis was performed on 23 published research articles (out of 1,772) from reputable journals and conference proceedings from January 2011 to June 2022. The obtained results revealed the lack of a cyber security maturity assessment framework for technology start-ups. Despite the similarities in the cyber security maturity level for certain frameworks, the results revealed no singular framework that can evaluate the cyber security maturity level for technology start-ups. The results further revealed the lack of studies on the quantification of the return of cyber security investments in an end-to-end cyber security maturity assessment framework for technology start-ups. Author