What is it about?

This article develops a practical framework to help governments, regulators, and financial institutions strengthen their capacity to withstand and adapt to cyber threats. Focusing on the UK financial sector, it explains how rules, governance structures, risk management processes, and feedback loops all interact to create “cyber resilience.” The framework draws on lessons from the EU and Australia, providing insights that can be applied across different countries. Written in clear language, it connects complex regulatory concepts with real-world institutional practices.

Why is it important?

Cyber threats are evolving faster than traditional regulation can keep up. This research offers a new way to think about resilience, not as a fixed checklist, but as a dynamic, system-level capability. The framework helps policymakers and industry leaders identify resilience gaps, adapt more quickly to new threats (including AI-driven risks), and coordinate more effectively across sectors. By bridging theory and practice, it can influence how regulations are designed and how institutions prepare for future crises.

Perspectives

This work reflects my belief that cyber resilience is as much about people, governance, and learning as it is about technology. I wanted to give decision-makers a tool that goes beyond compliance, one that helps them anticipate, adapt, and build trust in a fast-changing digital world. My professional and academic experiences in cybersecurity governance shaped the approach, combining rigorous research with the realities I’ve seen in policy and institutional practice.

Ms Andra (known as Andra T.Alcalá) Cojocaru
UNED

Read the Original

This page is a summary of: Aligning Regulation and Governance for Cyber Resilience: A Theoretical Framework for the UK Financial Sector, Computers & Security, August 2025, Elsevier,
DOI: 10.1016/j.cose.2025.104627.