| Abstract [eng] |
This thesis examines the growing importance of cyber resilience and risk management strategies in Lithuania as cyber threats become more complex and pervasive. While traditional risk management has focused on prevention, this study highlights the need for organizations—both public and private—to develop strategies prioritizing recovery, adaptation, and resilience in the face of inevitable cyber incidents. The research looks at Lithuania's national frameworks for cyber resilience and explores how organizations are integrating resilience strategies to handle or mitigate these threats. The study argues that, as cyber threats evolve, organizations must shift from focusing solely on prevention to integrating risk management and cyber resilience strategies that reduce the impact of cyberattacks and ensure operational continuity. The objectives of the study are: 1) to assess the state of cyber resilience in Lithuania; 2) to analyze how resilience strategies are being implemented by organizations, especially those that have faced or avoided cyber incidents; and 3) to examine Lithuania’s legal and regulatory framework in supporting cyber resilience. This research is qualitative, utilizing interviews with practitioners and experts in the field. The findings show that while Lithuania has made progress in developing a national cybersecurity framework, substantial gaps remain in its practical application, especially within organizations. Many, particularly SMEs, still rely on traditional risk management strategies focused on prevention, rather than preparing for or recovering from cyber incidents. The study supports the view that organizations adopting resilience strategies—such as data redundancy, system backups, and cross-sector collaboration—are better equipped to manage cyber incidents and maintain continuity. The research also reveals that while many smaller organizations focus on prevention, larger institutions like Kaunas University of Technology are beginning to recognize the limitations of a purely preventive approach, shifting toward resilience-focused strategies. However, the study highlights challenges such as a shortage of skilled personnel, insufficient managerial involvement, and financial limitations that hinder the adoption of resilience strategies. Despite Lithuania’s cybersecurity framework, many organizations still rely on regulatory compliance rather than proactive, integrated resilience strategies. Compared to international best practices, Lithuania lags in areas such as integrating emerging technologies like artificial intelligence for threat detection and fostering collaboration between the public and private sectors. The national legal and regulatory framework, particularly Lithuania’s Cybersecurity Law, provides a foundation for cybersecurity policy but requires further development to offer actionable guidance for organizations. This research contributes to the broader discussion of cyber resilience by offering insights into Lithuania’s specific challenges and comparing its practices with global standards. It advocates for a more integrated approach to cybersecurity, balancing prevention with the ability to recover and adapt to the rapidly evolving cyber threat landscape. |
