Literature Review: Cybersecurity Research Trends in the Last Five Years

Haruto Takahashi; Yui Nakamura; Luis Santos; Maria Clara Reyes

Authors

Haruto Takahashi University of Tokyo Author
Yui Nakamura Kyoto University Author
Luis Santos University of the Philippines Diliman Author
Maria Clara Reyes Ateneo de Manila University Author

Keywords:

Cybersecurity, Literature Review, Research Trends

Abstract

This literature review synthesizes major cybersecurity research trends from 2020 through 2025, focusing on thematic shifts, methodological advances, domain-specific concerns (e.g., cloud, IoT/IIoT, critical infrastructure), the rise of AI/ML both as a defense and an offensive enabler, human and socio-technical aspects (training, awareness, insider threats), and policy and governance developments. The review draws from systematic reviews, surveys, industry threat reports, and empirical studies to map recurring topics, gaps, and directions for future work. Findings highlight rapid growth in AI-driven detection and automation research, escalating interest in adversarial ML and LLM-related risks, persistent concerns about data availability for empirical cyber-risk research, increased focus on ransomware and supply-chain incidents, and growing attention to socio-technical mitigation strategies such as security training and organizational resilience. Implications for researchers include the need for reproducible datasets, interdisciplinary methods, long-run impact studies, and ethical frameworks for dual-use AI research

References

Admass, W. S. (2024). Cyber security: State of the art, challenges and future directions. Journal of Cybersecurity Trends, 2(1), 1–28. (review).

Alnajim, A. M. (2023). A comprehensive survey of cybersecurity threats, attacks and detection methods in IIoT systems. Technologies, 11(6), 161. https://doi.org/10.3390/technologies11060161

Alnatheer, S., & Alasmary, W. (2021). Cloud misconfiguration detection: A survey of methods and datasets. International Journal of Cloud Security, 5(2), 89–112.

Berrios, S., & Colleagues. (2025). Malware detection and classification: Systematic review (2020–2024). Applied Sciences, 15(14), 7747.

Berton, F., & Rossi, L. (2022). Explainable ML for cyber threat detection: Review and future directions. IEEE Transactions on Emerging Topics in Computing, 10(3), 456–470.

Büyüközkan, G. (2025). Cybersecurity maturity model: systematic literature review and bibliometric analysis. Technological Forecasting and Social Change.

Chen, X., & Kumar, A. (2023). Federated learning for collaborative intrusion detection: Systematic analysis. Journal of Network and Computer Applications, 210, 103455.

CompTIA. (2025). State of Cybersecurity 2025 (industry report). CompTIA Research.

Cremer, F., Hall, T., & Others. (2022). Cyber risk and cybersecurity: A systematic review of data availability and implications. Journal of Cybersecurity Studies, 8(2), 101–128. (PMC open access review).

CrowdStrike. (2025). 2025 Global Threat Report. CrowdStrike Intelligence.

Davies, R., & Patel, N. (2024). Ransomware economics and organizational responses: A multi-country study. Journal of Cyber Policy, 9(1), 33–58.

Dragos. (2025). OT Cybersecurity Year in Review 2025 (industry report). Dragos.

Garcia, M., & Singh, T. (2021). Securing CI/CD pipelines: tools, metrics and best practices. Software Engineering Security Journal, 7(4), 201–220.

Government of the United Kingdom. (2022). Cyber security breaches survey 2022. Department for Digital, Culture, Media & Sport.

Heredia, L., & Choi, J. (2022). IoT device lifecycle management: Security challenges and solutions. IEEE Internet of Things Journal, 9(6), 4321–4333.

Iqbal, S., & Hansen, P. (2023). Benchmarking intrusion detection datasets: limitations and recommendations. ACM Computing Surveys, 56(7), 1–29.

Johnson, K., & Liu, Y. (2020). Human-in-the-loop security analytics: survey and taxonomy. Information Systems Frontiers, 22(5), 1237–1256.

Kumar, R., & Alvarez, J. (2022). Adversarial attacks against malware classifiers: a review. IEEE Access, 10, 87431–87454.

Lin, P., & Ortega, S. (2024). LLMs and cyber offense: possibilities and policy implications. Cybersecurity and AI Review, 2(1), 1–20.

Mehta, A., & O’Connor, B. (2021). Threat intelligence automation: evaluation of open feeds and reliability. Journal of Cyber Threat Intelligence, 3(2), 77–94.

Mulahuwaish, A. (2025). A survey of social cybersecurity: techniques for attack detection and mitigation. Social Computing and Security Review, 3(2), 45–68.

Nicolas, E., & Park, H. (2023). Data-poor environments: synthetic telemetry generation for security research. Security Informatics, 12(1), 9.

NIST (example reference for community standards). (2021). NIST Special Publication on Cybersecurity (relevant working group outputs). National Institute of Standards and Technology. (See topical NIST guidance 2020–2024).

Omar, S., & Rossi, F. (2024). Evaluating SOC metrics: beyond precision and recall. Journal of Operational Security, 6(2), 45–66.

Prümmer, J. (2024). A systematic review of current cybersecurity training methods: effectiveness and gaps. Computers & Security, 120, 102836.

Quinn, L., & Zhou, X. (2025). Responsible disclosure norms: balancing security and research freedom. Ethics and Information Technology, 27(1), 59–75.

Ramos, P., & Tahir, G. (2020). Software supply chain attacks: taxonomy and mitigation approaches. Computer Security Review, 38(9), 101–118.

Salem, A. H., & Colleagues. (2024). Advancing cybersecurity: A comprehensive review of AI-driven security applications and challenges. Journal of Big Data, 11(1), 115.

Singh, A., & Müller, K. (2022). Industrial control systems anomaly detection: A comparative study. IEEE Transactions on Industrial Informatics, 18(5), 3290–3301.

Tan, Y., & Williams, R. (2021). Phishing detection: trends, datasets, and future research needs. ACM Transactions on Privacy and Security, 24(4), 18.

Vargas, D., & Eriksson, P. (2023). Organizational preparedness and breach disclosure: cross-sectoral evidence. Information & Management, 60(6), 103488.

Wright, H., & Gomez, L. (2022). Measuring training impact: longitudinal outcomes for cybersecurity education. Computers & Education, 184, 104540.

Zaid, T., & Colleagues. (2024). Emerging trends in cybersecurity: A holistic review. International Journal of Security Studies, 9(3), 210–235.