Cyberdisasters require an organization’s disaster team to be prepared. Disaster events are difficult to predict, but the impact of this risk on an organization is large. However, organizations sometimes struggle in being prepared for disaster situations. Here, awareness of disaster situations when analysing priority disasters (e.g., earthquakes and pandemics) and how to mitigate them can help an organization’s preparedness. Mitigation scenarios need to be determined and simulated so that a disaster team is ready to face disaster. Using Endsley’s situational awareness model and a tabletop exercise, this study aimed to help a disaster team determine cyberdisaster risk priority and assess a team’s preparedness for dealing with a cyberdisaster. The situation awareness model was divided into two stages: awareness of cyberdisaster situations and tabletop evaluations. Awareness of a disaster situation was carried out by determining the highest priority for disaster risk using the fuzzy failure modes and effects analysis (FMEA) method. The results of the first study show that the high-risk category contains ransomware attacks during pandemics and earthquakes. The second study performed a tabletop simulation questionnaire survey of earthquakes and ransomware attacks during a pandemic for several disaster teams with 152 respondents. The results of the survey evaluation of the earthquakes and ransomware attacks simulation survey show that the effect factors of cyberdisaster simulation decisions are 95% system capability (p < 0.05), 90% knowledge (p < 0.05), and 90% awareness of a disaster situation (p < 0.05); these factors show the effect of a disaster team’s decision during a tabletop simulation. The novelty of this research lies in building a model for how an organizational process determines the priority of a cyberdisaster tabletop simulation and the factors that contribute to increasing a disaster team’s awareness in dealing with cyberattacks.
- Cyber situational awareness