Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes

Business Impact Analysis (BIA) assesses the effects of cyberattacks on critical business processes and IT assets. Traditional BIAs are manual, relying on consultants to interview employees, which can be inefficient and error-prone. Process mining, an established field in business management, offers automated techniques to map business processes via log analysis. While research on integrating process mining with business process management is growing, its application in cybersecurity risk management remains limited. This paper introduces PRIA (PRocess Impact Analysis), an event log analysis method for automatic cybersecurity impact assessment on business processes. PRIA leverages (i) process mining to extract data from ERP/CRM systems, (ii) graph-theoretic analysis to quantify impact propagation, and (iii) outputs an assessment of the criticality and exposure of IT assets and processes to cyber incidents. Applied to a financial sector supply chain workflow, PRIA identified two key sub-processes directly from event logs and highlighted process vulnerabilities, including deviations from theoretical models, validated by company employees. Depending on the initial intrusion point, PRIA found 25–75% of process activities critically impacted, uncovering new attack paths and business impacts previously undetected by manual assessments.