Cyber risk assessment in small and medium-sized enterprises: A multilevel decision-making approach for small e-tailors

Arun Sukumar, Hannan Amoozad Mahdiraji, Vahid Jafari-Sadeghi

Research output: Contribution to journalArticlepeer-review


The role played by information and communication technologies in today's businesses cannot be underestimated. While such technological advancements provide numerous advantages and opportunities, they are known to thread organizations with new challenges such as cyberattacks. This is particularly important for small and medium-sized enterprises (SMEs) that are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e-tailing SMEs). Therefore, this article employs a sample of 124 small e-tailers in the United Kingdom and takes advantage of a multi-criteria decision analysis (MCDA) method. Indeed, we identified a total number of 28 identified cyber-oriented risks in five exhaustive themes of “security,” “dependency,” “employee,” “strategic,” and “legal” risks. Subsequently, an integrated approach using step-wise weight assessment ratio analysis (SWARA) and best–worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e-tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature.
Original languageEnglish
Pages (from-to)2082-2098
Number of pages17
JournalRisk Analysis
Issue number10
Early online date10 Jan 2023
Publication statusPublished - Oct 2023

Bibliographical note

Copyright © 2023, The Authors. Risk Analysis published by Wiley Periodicals LLC on behalf of Society for Risk Analysis. This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial and no modifications or adaptations are made.


  • cyber risk
  • cybersecurity
  • e-tailers
  • MCDA
  • SMEs


Dive into the research topics of 'Cyber risk assessment in small and medium-sized enterprises: A multilevel decision-making approach for small e-tailors'. Together they form a unique fingerprint.

Cite this