Cybersecurity risk management in small and medium-sized enterprises; A systematic review of recent evidence

Small and medium-sized enterprises (SMEs) have been encouraged to take advantage of any possible business opportunities by utilizing and adopting new-technologies such as cloud computing services, there is a huge misunderstanding of their cyber threats from the management perspective. Underestimation of cybersecurity threats by SMEs leads to an increase in their vulnerabilities and risks, which unfortunately can become actual challenges to them and other related parties. The purpose of this paper is to provide a systematic literature review based on recently available evidence on cybersecurity risk management in SMEs in order to understand the current situation. The authors aim to reveal the role the SMEs’ management is playing in addressing cybersecurityrisks in recent years, as found in the literature, and to suggest avenues for further research. The paper follows a well-known method for conducting a systematic literature review. Starting with a keyword search and an assessment of fitness for this review, 15 papers out of 50 have been analysed by NVivo software according to bibliographical information, research design and findings. The review identified 5 major perspectives that play a key role in SMEs’ cybersecurity risk management, which are threats, behaviours, practices, awareness, and decision-making respectively. Importantly, empirical research on cybersecurity risk management in SMEs is needed.