Types of cyber risks for SMEs: classification and business impact

Abstract

This work investigates cyber risks affecting small and medium-sized enterprises (SMEs), aiming to classify them and assess their business impact. Using a systematic literature review and qualitative content analysis of 71 peer-reviewed articles from Scopus, six main categories of cyber risks were identified. These include external threats, insider risks, data vulnerabilities, reputational and financial risks, emerging technologies, and operational weaknesses. The findings highlight the need for SMEs to adopt sector-specific, proactive cyber resilience strategies. The study contributes to the development of effective risk management practices tailored to the unique challenges faced by SMEs.