Recent Trends in Information and Cyber Security Maturity Assessment: A Systematic Literature Review

This work represents a comprehensive and systematic literature review (SLR) that follows the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines for research assessing information and cyber security maturity. The period from 2012 to 2024 was considered and the final collection of 96 studies was taken into account. Our findings were summarised in two stages, a quantitative analysis and a qualitative synthesis. In the first part, various quantitative indicators were used to analyse the evolution of the information and cyber security maturity assessment domain over the last twelve years. The qualitative synthesis, which was limited to 36 research papers, categorises the studies into three key areas: the development of new maturity models, the implementation of established models and frameworks, and the advancement of methodologies to support maturity assessments. The findings reveal significant progress in sector-specific customisation, the growing importance of lightweight models for small and medium-sized enterprises (SMEs), and the integration of emerging technologies. This study provides important insights into the evolving landscape of information and cyber security maturity assessment and provides actionable recommendations for academia and industry to improve security resilience and support the adoption of tailored, effective maturity models.