Best Practices (Multiple-Case Study) Analysis for Implementing Risk Management in Cybersecurity

Abstract

This master’s thesis examines cybersecurity risk management practices in Georgian financial institutions through a qualitative multiple-case study approach. The research analyzes how international cybersecurity and risk management frameworks are implemented in practice under the regulatory supervision of the National Bank of Georgia. Empirical data were collected through semi-structured interviews with Chief Information Security Officers and the completion of online questionnaires, complemented by the document analysis of publicly available regulatory, policy and governance documents. The study identifies key success factors, challenges and best practices in the implementation of cybersecurity risk management and proposes context-specific recommendations aimed at enhancing cyber resilience in the Georgian financial sector.