Application of Structural Equation Modelling to Cybersecurity Risk Analysis in the Era of Industry 4.0

Abstract

In the current digital transformation to Industry 4.0, the demands on the ability of countries to react responsibly and effectively to threats in the field of cyber security (CS) are increasing. Cyber safety is one of the pillars and concepts of Industry 4.0, as digitization brings convergence and integration of information technologies (IT) and operational technologies (OT), IT/OT systems, and data. Collecting and connecting a large amount of data in smart factories and cities poses risks, in a broader context for the entire state. The authors focus attention on the issue of CS, where, despite all digitization, the human factor plays a key role—an actor of risk as well as strengthening the sustainability and resilience of CS. It is obvious that in accordance with how the individuals (decision-makers) perceive the risk, thus they subsequently evaluate the situation and countermeasures. Perceiving cyber threats/risks in their complexity as a part of hybrid threats (HT) helps decision-makers prevent and manage them. Due to the growing trend of HT, the need for research focused on the perception of threats by individuals and companies is increasing. Moreover, the literature review points out a lack of methodology and evaluation strategy. This study presents the results of the research aimed at the mathematical modelling of risk perception of threats to the state and industry through the disruption of CS. The authors provide the developed factor model of cyber security (FMCS), i.e., the model of CS threat risk perception. When creating the FMCS, the researchers applied SEM (structural equation modelling) and confirmatory factor analysis to the data obtained by the implementation of the research tool (a questionnaire designed by the authors). The pillars and sub-pillars of CS defined within the questionnaire enable quantification in the perception of the level of risk of CS as well as differentiation and comparison between the analyzed groups of respondents (students of considered universities in SK and CZ). The convergent and discriminant validity of the research instrument is verified, and its reliability is confirmed (Cronbach’s alpha = 0.95047). The influence of the individual pillars is demonstrated as significant at the significance level of α = 5%. For the entire research set N = 964, the highest share of risk perception of CS threats is achieved by the DISRIT pillar (disruption or reduction of the resistance of IT infrastructure).