Mapping the Landscape of Information Security Risk Management Research: A Bibliometric Analysis Using VOS Viewer and Power BI
Pubblicato online: 12 set 2025
Pagine: 86 - 105
DOI: https://doi.org/10.2478/ias-2025-0006
Parole chiave
© 2025 Norshima Humaidi et al., published by Sciendo
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Figure 1.
Figure 2.
Figure 3.
Figure 4.
Figure 5.
Summarise of Bibliometric Studies on Information Security
| Sharma et al. 2023 [ |
Cybersecurity and cyber forensics research (2011–2021); mapping a decade of digital security literature. | Co-authorship, co-citation, citation and keyword analysis using full vs. fractional counting; timeline trends and burst detection (CiteSpace-like approach). | Web of Science (WoS), 2011–2021 publications. |
Steady growth in cybersecurity/forensics publications over the decade. Top contributors identified: key authors, institutions, countries leading the field. Major topics include anomaly detection, malware analysis, cyberattacks, machine learning in security. Collaboration networks show global research clusters (with certain countries forming hubs). |
Points out underinvestigated areas at the intersection of cybersecurity and forensics. Emphasizes need for future work linking preventative security and post-incident forensics. Provides a decade-long baseline to guide future research directions in emerging cybersecurity threats. |
| Arroyabe et al. 2024 [ |
Intersection of SME digitalization and cybersecurity – how digital transformation in small businesses relates to security issues. | Bibliometric (R) used for co-occurrence (keyword) clustering and citation analysis. Four main thematic clusters identified via co-word analysis. | WoS + Scopus (417 papers, up to ~2022) on “SMEs + cybersecurity/digitalization”. |
Research splits into 4 clusters: (1) Industry 4.0 & smart factories, (2) Industry 4.0 & SMEs, (3) SMEs & cybersecurity practices, (4) SME digitalization & entrepreneurship. Increasing digitalization - higher cyber risk for SMEs, but current literature often treats these topics separately (tech adoption vs. security). Few studies integrate business innovation and security preparedness, indicating a silo effect. |
Identifies a gap: lack of integrated studies on SME digitalization Predicts cybersecurity in SMEs will emerge as its own research stream, distinct from general digitalization research. Recommends bridging the gap by focusing future research on security as an integral part of SME digital transformation strategies. |
| Guembe et al. 2025 [ |
Artificial Intelligence in cybersecurity, specifically AI-driven cyberattack and intrusion detection (2014–2024). | Comprehensive bibliometric review using Bibliometric/Bibliophagy (R). Co-authorship networks, keyword co-occurrence maps, and citation metrics analysed. Also used dominance factor for author influence. | Scopus (2014–2024): 2,338 documents (journals, conferences, etc.) on AI-based cyber defence. |
Machine learning & deep learning are the dominant approaches in cybersecurity, showing rapid growth in research interest. USA is the top-producing country, with India, China and others also major contributors. Strong collaboration networks among leading countries (USA–China–Europe etc.). High impact work from countries like Canada and Italy despite fewer papers (high citations per paper). Keywords show emphasis on network security, intrusion detection, IoT security, federated learning, etc., indicating trending research topics. |
Calls for future research in federated learning and privacy-preserving AI to secure IoT/IoMT systems. Notes the need to address emerging threats (e.g., adversarial attacks on AI) and to integrate AI with privacy/security by design. Suggests strengthening international collaborations and interdisciplinary approaches (combining AI with domain knowledge) to tackle complex cyber threats. |
| Judijanto et al. 2024 [ |
Global landscape of cybersecurity research (2010–2024); evolution of research themes and international collaboration patterns. | VOS viewer used for network visualization (co-authorship, co-word, co-citation networks). Analysed publication counts, collaborative networks and topic clusters over time. | Scopus (2010–2024): cybersecurity-related publications worldwide. |
Dramatic growth in cybersecurity publications over the period, reflecting rising importance of security R&D. Shift in focus from basic IT security to advanced tech integration: recent literature heavily features AI, IoT, blockchain in cybersecurity context. Global collaboration network is mapped: USA, China, India, Germany, UK are key hubs driving research and cooperating internationally. Highlights the field’s increasingly interdisciplinary nature (technical, human, policy angles) to address complex cyber challenges. |
Stresses the need for continuous innovation and broad collaboration to keep pace with evolving threats. Recommends interdisciplinary approaches in future research – integrating fields (technical and human factors) and expanding analytical frameworks. Suggests using more diverse data sources (beyond just one index, and including real-time threat data) in bibliometric analyses to fully capture the fast-changing cybersecurity landscape. |
| Erdoğan & Akmeşe 2025 [ |
Cybercrime studies (2000–2023); literature on illegal cyber activities (hacking, cyber fraud, etc.) and countermeasures. | Bibliometric (R) and Excel for bibliometric analysis. Examined publication trends, prolific authors, top journals, citation counts; visualized author and country collaboration networks. | Web of Science (2000–2023): 2,566 publications on “cybercrime” related keywords. |
Steady long-term growth in cybercrime research output as cyber threats proliferate. Top author: K. Jaishankar (21 papers) – a leading scholar in cyber criminology. Leading journal: Most-cited work on Stuxnet (cyber warfare), showing crossover between cybercrime and national security topics. Major contributing institutions and countries identified (e.g., strong output from certain universities and cross-country collaborations visualized); reflects an international research effort against cybercrime. |
Provides a baseline for future cybercrime research, helping identify less-explored topics. Implies need for further study in emerging crime areas (e.g., AI-enabled crimes, crypto crimes) as well as underrepresented regions, though specific future directions are general. Emphasizes using these findings to guide policy and research focus, given the dynamic nature of cybercrime (“moving target” requiring ongoing study). |
Top 10 Most Productive Countries Publishing on Information Security Risk Management
| USA | 101 |
| China | 24 |
| England | 18 |
| Australia | 14 |
| India | 14 |
| South Korea | 13 |
| Spain | 12 |
| Taiwan | 12 |
| Canada | 10 |
| Norway | 10 |
Analysis Tools for Bibliometric Research
| 1. | Purpose | Primarily used for constructing and visualizing bibliometric networks, such as citation, co-citation, and co-authorship networks. | An open-source software for network visualization and analysis. | A business analytics tool by Microsoft, used for data visualization and business intelligence. | An open-source software for network visualization and analysis. |
| 2. | Strength | Preferably for text mining and creating co-occurrence networks of terms from scientific literature. | Suitable for detecting emerging trends and sudden bursts of activity in research. | Integrates well with various data sources, provides robust data analysis, and interactive dashboards. | Supports large-scale network analysis and offers various layout algorithms for better visualization. |
| 3. | Visualisation | Offers detailed and interactive visualizations of bibliometric maps. | Provides temporal visualizations and cluster views, highlighting key areas of research. | It offers a variety of visualization options that can be combined into interactive dashboards, allowing users to explore the data dynamically and gain deeper insights into bibliometric patterns and trends. | Highly versatile with numerous options for editing and customizing network visualizations. |
| 4. | Customisation | Customized visualizations to highlight important nodes and connections. | Tailored visualizations to emphasize co-citation networks, keyword co-occurrences, and citation bursts. | Power BI allows extensive customization for business reports and dashboards, while Gephi offers detailed options for visualizing complex network structures. | Rank nodes by metrics such as degree centrality or PageRank. |
Top Ten Journals with Highest Total of Publication Activities (2000 – 2025)
| Computers & Security | 28 |
| Information Security Journal | 16 |
| Handbook of System Safety and Security: Cyber Risk and Risk Management, Cyber Security, Threat Analysis, Functional Safety, Software Systems, and Cyber Physical Systems | 11 |
| IEEE Access | 11 |
| Information and Computer Security | 11 |
| International Journal of Information Security | 9 |
| Journal of Information Security And Applications | 8 |
| International Journal of Advanced Computer Science and Applications | 7 |
| International Journal of Computer Science and Network Security | 6 |
| IET Information Security | 5 |
| International Journal of Information Management | 5 |
Keywords Analysis Results
| Framework | 17 | 55 | 28 |
| Governance | 11 | 22 | 11 |
| Impact | 14 | 47 | 21 |
| Management | 15 | 62 | 38 |
| Performance | 12 | 32 | 17 |
| Technology | 10 | 23 | 13 |
| Information Security Management | 11 | 21 | 19 |
| Computer Security | 9 | 21 | 10 |
| Cybersecurity | 16 | 71 | 47 |
| Risk Analysis | 10 | 23 | 14 |
| Risk Assessment | 12 | 48 | 35 |
| Risks | 13 | 60 | 30 |
| Security | 16 | 87 | 57 |
| Systems | 12 | 46 | 27 |
| Vulnerability | 11 | 26 | 14 |
| Cloud Computing | 6 | 11 | 11 |
| Information Security | 17 | 185 | 159 |
| Privacy | 12 | 26 | 16 |
Usage of the Risk Management Related to Information Security Term In the Academic Writings
| Information Security |
WoS | 14 | 74 | 112 | 180 | 38 |
Top 10 Publisher With Highest Total of Publications
| Emerald Group Publishing Ltd | 32 |
| Springer | 29 |
| Elsevier Advanced Technology | 28 |
| Elsevier | 25 |
| MDPI | 25 |
| Taylor & Francis Inc | 22 |
| IEEE-Inst Electrical Electronics Engineers Inc | 15 |
| IGI Global | 12 |
| Syngress | 11 |
| Elsevier Sci Ltd | 9 |
The Top 10 Most Essential Authors of Publications Related to Information Security Risk Management from 2000 to 2025 in the WoS Database Core Collection
| Schuett, Jonas | 1 | 332 |
Risk Management in the Artificial Intelligence Act |
| Massimino, Brett | 1 | 238 |
On the Inattention to Digital Confidentiality in Operations and Supply Chain Research |
| Knowles, William | 1 | 229 |
A Survey of Cyber Security Management in Industrial Control Systems |
| Uddin, Md. Hamid | 1 | 214 |
Cybersecurity Hazards and Financial System Vulnerability: A Synthesis of Literature |
| Tarei, Pradeep Kumar | 2 | 202 |
Benchmarking the Relationship Between Supply Chain Risk Mitigation Strategies and Practices: An Integrated Approach |
| Etemadi, Nilofar | 1 | 198 |
An ISM Modelling of Barriers for Blockchain/Distributed Ledger Technology Adoption in Supply Chains Towards Cybersecurity |
| Shiau, Wen -Lung | 1 | 196 |
What Are the Trend and Core Knowledge of Information Security? A Citation and Co-Citation Analysis |
| Culot, Giovanna | 1 | 189 |
The ISO/IEC 27001 Information Security Management Standard: Literature Review and Theory-Based Research Agenda |
| Fenz, Stefan | 5 | 166 |
Information Security Risk Management: In Which Security Solutions Is It Worth Investing? |
| Di Lernia, Cary | 1 | 165 |
Cyber-Related Risk Disclosure in Australia: Evidence from the ASX200 |
Top Ten Journals with Highest Citation (2000 – 2025)
| Computers & Security | 882 |
| MIS Quarterly | 391 |
| International Journal of Information Management | 327 |
| Information & Management | 191 |
| International Journal of Critical Infrastructure Protection | 170 |
| Journal of Management Information Systems | 167 |
| Information Systems Research | 156 |
| Decision Support Systems | 141 |
| International Journal of Information Security | 111 |
| Journal of Information Security and Applications | 90 |