Research Information System
Expert Systems with Applications, vol.282, 2025 (SCI-Expanded)
Protecting organizations’ digital assets is getting increasingly critical as organizations are becoming more susceptible to cyber-attacks. Cybersecurity Maturity Models (CMMs) allow organizations to evaluate how mature cybersecurity systems are. However, cybersecurity maturity assessment is a complex decision-making problem involving many factors, uncertainty, and incomplete information. Luckily, the preference relations technique is efficient in Group Decision-Making (GDM) and Multi-Criteria Decision-Making (MCDM) approaches. This paper proposes a novel incomplete Hesitant Fuzzy Preference Relations (HFPRs) method utilizing the Bonferroni means operator, coupled with the Analytic Hierarchy Process (AHP) method, for enhanced cybersecurity maturity assessments. These assessments are provided by experts who may suffer from incomplete preferences, also because of a lack of professional knowledge or experience. To handle these shortcomings, the additive consistent HFPRs concept is used. The Hesitant Fuzzy (HF) Bonferroni Means (HFBM) operator is applied for aggregating experts’ assessments, and the incomplete HFPR-AHP method is employed to quantify the criteria weights. The CMM proposed in this article is built with a literature review, industry intelligence as well as experts’ views. A case for public institutions in Türkiye is studied to demonstrate the applicability of the proposed method. The uniqueness of this paper stems from proposing an original CMM and applying the AHP method, Bonferroni Means, with incomplete HFPRs for the first time in this field.