Cyber risk assessment in small and medium‐sized enterprises: A multilevel decision‐making approach for small e‐tailors

Abstract

AbstractThe role played by information and communication technologies in today's businesses cannot be underestimated. While such technological advancements provide numerous advantages and opportunities, they are known to thread organizations with new challenges such as cyberattacks. This is particularly important for small and medium‐sized enterprises (SMEs) that are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e‐tailing SMEs). Therefore, this article employs a sample of 124 small e‐tailers in the United Kingdom and takes advantage of a multi‐criteria decision analysis (MCDA) method. Indeed, we identified a total number of 28 identified cyber‐oriented risks in five exhaustive themes of “security,” “dependency,” “employee,” “strategic,” and “legal” risks. Subsequently, an integrated approach using step‐wise weight assessment ratio analysis (SWARA) and best–worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e‐tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature.