Managing Variable Cyber Environments with Organizational Foresight and Resilience Thinking


  • Eveliina Hytönen
  • Jyri Rajamäki Laurea University of Applied Sciences
  • Harri Ruoslahti



cyber threat intelligence, business continuity management, resilience, situational awareness


Combining business continuity management (BCM) and systematic cyber threat intelligence (CTI) can improve cyber situational awareness to support decision-making through the phases of the resilience cycle (plan, absorb, recover, adapt) to ensure the continuity of organizational operations when encountered by cyber disruptions. End-user needs, human factors, high ethical standards, and social impacts can best be adapted when professionals from different fields work together with end-users to refine and co-develop selected tools into a platform. A resilience assessment that combines BCM and CTI enables 1) quick or detailed assessment of the investigated industry and its critical processes, 2) measurement of performance goals based on information received from end users, where artificial intelligence-based self-learning approaches can be used for functional descriptions, 3) information on the sensitivity of the investigated industry and vulnerability and 4) resilience and BCM throughout the entire resilience cycle. A new Horizon Europe project DYNAMO (Dynamic Resilience Assessment Method including a combined Business Continuity Management and Cyber Threat Intelligence solution for Critical Sectors) works towards combining BCM and CTI to generate a situational picture for decision support. Having this in mind, certain cybersecurity and BCM tools will be developed, refined, and integrated into the DYNAMO platform to provide decision support and awareness to chief information security officers, cybersecurity practitioners, and other stakeholders. This paper reports a case study that explores how combining CTI and BCM can help in the case of a cyber-attack. The research material consists of the news articles by the largest newspaper in Finland, Helsingin Sanomat (HS) of how the cyber attack against the therapy center Vastaamo progressed during the first week after the attack. The results show that cyber threat intelligence when flexibly integrated into the BCM approach could create better conditions for improved organizational foresight to react to unpredictable cyber threats to ensure business continuity.