CYBERSECURITY READINESS AND CRITICAL INFRASTRUCTURE PROTECTION IN PAKISTAN: A RISK ASSESSMENT FRAMEWORK FOR THE ENERGY AND BANKING SECTORS

Abstract

The rapid digitalization of critical infrastructure systems has significantly increased cybersecurity risks in Pakistan, particularly within the energy and banking sectors. These sectors are increasingly exposed to sophisticated cyber threats, including ransomware, phishing, and advanced persistent attacks, due to their reliance on interconnected digital systems and industrial control technologies. This study developed and empirically evaluated a cybersecurity risk assessment framework aimed at enhancing cybersecurity readiness and critical infrastructure protection in Pakistan. A quantitative research design was employed, and data were analyzed using Structural Equation Modeling (SEM-PLS) to examine the relationships among cybersecurity governance, technological infrastructure, human capital, incident response capability, and cybersecurity readiness. The findings revealed that all proposed factors significantly influence cyber risk assessment processes, which in turn strongly enhance cybersecurity readiness and infrastructure protection. Among all variables, the cyber risk assessment process demonstrated the strongest impact on critical infrastructure protection. The study concludes that a structured and integrated cybersecurity framework is essential for strengthening resilience against evolving cyber threats in developing economies. The proposed model provides valuable insights for policymakers, regulatory authorities, and industry stakeholders in improving cybersecurity governance and operational resilience in Pakistan’s critical infrastructure sectors