DOI: 10.1108/jeim-03-2026-0497 ISSN: 1741-0398

Identifying root causes and propagation paths of systemic cybersecurity risks in digital twins: a mixed-method approach

İsmail Erol, Ahmet Oztel, Ihsan Tolga Medeni, İlker Murat Ar

Purpose

This study addresses the research gap in understanding systemic interdependencies among cybersecurity challenges in digital twins (DTs) by proposing a novel framework to model these relationships under uncertainty, supporting anticipatory governance in critical sectors such as healthcare.

Design/methodology/approach

A mixed methods approach combines a systematic literature review with a Picture Fuzzy Interpretive Structural Modeling and MICMAC (PF-ISM MICMAC) framework. Picture fuzzy sets capture indeterminacy and refusal in expert judgments from a multidisciplinary panel of experts. Robustness is validated through 10,000 Monte Carlo simulations and a leave-one-out sensitivity analysis, complemented by semi-structured interviews.

Findings

Ten key cybersecurity challenges are identified. Lack of standardization and regulation, infrastructure vulnerabilities and inadequate resilience metrics emerge as foundational drivers. Data poisoning, secure communication and lack of interoperability are linkage factors with high driving and dependence power, forming a dynamic risk core. Insider threats and lack of system resilience are dependent outcomes. Validation confirms high structural stability and practical relevance.

Practical implications

Policy: Urges global regulatory harmonization and standardized security frameworks for DTs. Managerial: Provides a risk-based prioritization heuristic that invests in high driving factors, integrates responses for linkage factors and monitors dependent outcomes.

Originality/value

This study does not claim to invent a wholly new methodology. Rather, its originality lies in: (1) the novel application of the PF-ISM MICMAC framework to model systemic interdependencies among DT cybersecurity challenges, a domain where prior research has treated challenges as independent and (2) the empirically grounded and validated six-level hierarchical framework, which enables proactive systemic risk analysis.

More from our Archive