Study of research on cyberattack risk mitigation: A bibliometric analysis

Abstract

Risk management and system security have now become key pillars of organizations’ strategic priorities, as a result of the evolution and intensification of cyberattacks. Cyberattacks have moved beyond the stage where they were merely an issue for IT departments, they now have a significant impact on organizational continuity, the security of critical infrastructure, and governance decisions. As a result of this reality, the academic community’s interest in reducing cyber risks has intensified, making it one of the most dynamic research areas in cybersecurity. This study provides a bibliometric analysis of the literature on cyber risk reduction, covering 563 Scopus-indexed papers from 2015 to 2025. VOSviewer and the Bibliometrix package in RStudio were used to correlate publication trends, leading authors, contributing countries, and dominant research areas, with a focus on keyword co-occurrence networks, author impact and productivity according to Lotka's Law, most published journals, and thematic clustering. Results show consistent growth in scientific production, with the United States, India, the United Kingdom, and Saudi Arabia leading worldwide production. Author productivity follows Lotka's Law, with a small percentage of researchers concentrating the majority of their contributions in high-impact journals related to risk management and cybersecurity. Several theme clusters that represented the field's evolution from fundamental risk governance to artificial intelligence, machine learning, operational threat detection, and emerging security technologies were identified through keyword co-occurrence analysis. This study provides researchers and practitioners with a clear picture of how cyberattack risk mitigation research has advanced and where future efforts should focus.