A Cybersecurity Maturity Model for Digitally Transformed Organizations

Cybersecurity is a critical component of digital transformation, as the two must be integrated to enable business modernization and the adoption of innovative technologies while ensuring system security. Modern technologies introduce increasingly complex threats as more data is stored, transmitted, and processed across systems. Threats include the violation or misuse of data, such as data corruption, data theft, or a privacy violation. Determining if an organization applies the best practices requires measurements using maturity models. Several maturity models with different goals and qualities have been developed. However, no cybersecurity maturity model is related to digitally enabled or transforming organizations. The objective of this study is to develop a model that measures cybersecurity maturity for digitally transformed organizations. The model aims to provide a customizable assessment method for organizations of different sizes and domains. Two multivocal literature reviews (MLRs) were conducted to identify the available maturity models and best practices from formal and grey literature. After analyzing 165 studies, seven cybersecurity categories, as the capability areas, and 22 practice areas, were identified. Moreover, an assessment tool that supports self-assessment was developed. Finally, the model was evaluated through five case studies and expert judgments. As a result, a cybersecurity maturity model for digitally transformed organizations is developed, along with its assessment methodology and automation tool. The model evaluation showed promising results in terms of the ability to identify the maturity level.