Cybersecurity maturity model: Systematic literature review and a proposed model

Abstract

The growing importance of cybersecurity stems from its strategic value to various stakeholders, including individuals, businesses, governments, and society as a whole. Ensuring robust cybersecurity programs and assessing maturity levels is critical for organizational resilience. Cybersecurity maturity models have emerged as essential tools for evaluating readiness and guiding improvements. This study aims to systematically review existing research with bibliometric analysis and propose a cybersecurity maturity model that will help organizations assess their readiness. Web of Science and Scopus databases were searched, and bibliometric networks were visualized and explored using the VOSViewer and Biblioshiny software. This study is one of the first attempts to examine cybersecurity maturity areas using the science mapping approach. The proposed cybersecurity maturity model uses bibliometric analysis, literature searches on academic papers, industry reports, and expert opinions. The proposed cybersecurity maturity model comprises five dimensions, fifteen factors, and five levels. The proposed model is applied to three companies to demonstrate the validity using real-world examples. This study significantly contributes to the body of knowledge on cybersecurity maturity. The proposed model serves as the foundation for future researchers interested in determining cybersecurity maturity. Additionally, practitioners can use the proposed maturity factors to lead their cybersecurity systems.