THE ROLE OF AI-DRIVEN CYBER RISK ANALYTICS ON CLOUD SECURITY POSTURE MANAGEMENT IN ENTERPRISE SYSTEMS

Abstract

This study examines whether AI-driven cyber risk analytics improve Cloud Security Posture Management (CSPM) in enterprise systems and through which organizational mechanisms. We reviewed 47 prior studies to ground constructs and hypotheses, then executed a quantitative, cross-sectional, multi-case design across 220 cloud or security-team cases drawn from medium-to-large enterprises, with 512 survey responses synchronized to a ninety-day export of objective CSPM metrics. The problem addressed is persistent misconfiguration and alert overload in elastic, multi-tenant clouds that blunt security performance; the purpose is to quantify how analytics capability relates to measurable posture and to test the roles of triage efficiency and governed automation. Key variables include AI analytics capability, alert-triage efficiency, automation level, and CSPM outcomes such as misconfigurations per 100 resources, percent of critical findings remediated within policy windows, compliance score, mean time to detect, and mean time to remediate, with firm size, cloud tenure, provider mix, regulatory intensity, and account topology as controls. The analysis plan comprised reliability and validity checks, descriptive statistics, correlation matrices, hierarchical multiple regression with heteroskedasticity-robust inference, non-parametric bootstrapped mediation, and interaction-term moderation tests, plus robustness diagnostics. Headline findings show analytics capability is positively associated with stronger posture after controls, part of this relationship is mediated by improved alert triage, and the association is amplified at higher automation levels, indicating that explainable analytics plus governed automation yield the largest posture gains. Implications for practice are to invest in coverage-rich, explainable analytics, set explicit triage throughput objectives, and codify safe policy-as-code and auto-remediation so prioritized insights reliably become timely fixes; for scholarship, the work advances a capability to process to outcome model of CSPM conditioned by automation.