Exploring The Ethical Dimensions In Decision-Making During Cyber Crisis: A Scoping Review

This scoping review examines how ethical reflection shapes the actions of Chief Information Security Officers (CISOs) when confronting cyber crises. Many organizations still prioritize technology and regulation, while the ethical dimensions of cybersecurity decision-making are often sidelined or handled intuitively. The review draws on sixteen peer-reviewed studies published over the past decade and identifies two main patterns in ethical governance. One follows a top-down path, grounded in formal rules, policies, and codes designed to ensure accountability. The other evolves from the bottom up, relying on each CISO's individual judgment, experience, and situational reasoning under stress. Across studies, CISOs appear to juggle the competing demands of privacy, transparency, and system protection—often with no clear moral roadmap. Only limited evidence explains how these decisions are made in real time, particularly under conditions of pressure and uncertainty. Top-down structures promote consistency but may become too rigid when threats evolve rapidly. Bottom-up approaches allow agility and contextual responsiveness but can also lead to hesitation or inconsistent interpretations. The review argues for a middle ground that bridges ethical theory with professional experience and contextual awareness. Supportive leadership, transparent organizational culture, and well-defined governance frameworks emerge as crucial for helping CISOs navigate these moral challenges. Future research should move beyond theoretical discussions and examine how these dynamics unfold in real organizational settings.