Moscow, Russian Federation
Russian Federation
Russian Federation
Russian Federation
UDC 33
CSCSTI 06.81
Russian Classification of Professions by Education 10.02.01
Russian Library and Bibliographic Classification 6529
Russian Trade and Bibliographic Classification 7837
BISAC BUS033070 Insurance / Risk Assessment & Management
The article solves the scientific problem of analyzing approaches to solving the problem of cybersecurity risk management in small and medium-sized businesses (SMEs). The presence of a significant problem field of research, despite the presence of a significant number of cybersecurity incidents, raises the issue of expanding research practices and finding areas for further work on developing solutions to respond to the onset of risky events. The purpose of the article is to model the cybersecurity risk management process in order to achieve strategic goals and ensure the achievement of key performance indicators for small and medium-sized businesses (SMEs). The designated goal is decomposed into the following tasks: research of approaches to cybersecurity risk management, analysis of empirical and practical data on cyber risks, identification of relevant measures for managing cyber risks for SMEs, development of recommendations for improving the effectiveness of risk management for SMEs and directions for studying various aspects of analyzing their effectiveness and investing in such risk management systems. The author's contribution consists in the fact that with the help of an empirical analysis of cyber risk management in SMEs based on research materials, as well as an analysis of trends characterized by scientists and researchers in the field of cyber risks, conclusions were drawn about the list of relevant areas for the formation of cyber risk management systems. The article will be of interest to anyone who is engaged in cyber risk management in small and medium-sized organizations in practice.
cyber risks, SMEs, small enterprises, risk management, cybersecurity risks
1. Belosludtsev N. V., Gaev L. V. What is cybersecurity and why is it important? // Innovative science. 2025. №4-2. URL: https://cyberleninka.ru/article/n/chto-takoe-kiberbezopasnost-i-pochemu-eto-vazhno EDN: https://elibrary.ru/XCWDRL
2. Martynyuk M.S. Organizational and managerial mechanisms for ensuring cybersecurity of Russian companies // Financial markets and banks. 2023. №6. URL: https://cyberleninka.ru/article/n/organizatsionno-upravlencheskie-mehanizmy-obespecheniya-kiberbezopasnosti-rossiyskih-kompaniy EDN: https://elibrary.ru/CAILLU
3. Boychenko O.V. Cybersecurity risk management system for credit and financial activities // Scientific Bulletin: Finance, banks, investments. 2024. №3 (68). URL: https://cyberleninka.ru/article/n/sistema-upravleniya-riskami-kiberbezopasnosti-kreditno-finansovoy-deyatelnosti
4. Kazaryan K.K. Cybersecurity risk management // StudNet. 2022. No. 1. URL: https://cyberleninka.ru/article/n/upravlenie-riskami-kiberbezopasnosti EDN: https://elibrary.ru/GDVCBT
5. Shuvalova M. The three pillars of the digital transformation of SMEs are: the transfer of business to an online format, financial support, and digital skills training. – URL: https://www.garant.ru/article/1467601/?ysclid=miimpo272n578660081
6. Olzak, Tom. (2025). Cybersecurity Risk Analysis and Management.https://doi.org/10.13140/RG.2.2.32254.91208.
7. Ohrimenco, Serghei & Valeriu, Cernei. (2024). Cybersecurity risk. 145-154.https://doi.org/10.53486/escst2023.17.
8. Ezekiel O. Risk Management as a Strategic Bridge: Aligning Cybersecurity Architecture with Business Objectives in Modern Organizations. IEEE TRANSACTIONS ON ENGINEERING MANAGEMENT, VOL. XX, NO. X, MONTH 2025
9. Aljumaiah, Osama & Jiang, Weiwei & Addula, Santosh Reddy & Almaiah, Mohammed. (2025). Analyzing Cybersecurity Risks and Threats in IT Infrastructure based on NIST Framework. Journal of Cyber Security and Risk Auditing. 2025. 12-26.https://doi.org/10.63180/jcsra.thestap.2025.2.2.
10. Zgoba A.I., Markelov D.V., Smirnov P.I. Cybersecurity: threats, challenges, solutions // Cybersecurity issues. 2014. №5 (8). URL: https://cyberleninka.ru/article/n/kiberbezopasnost-ugrozy-vyzovy-resheniya
11. Khalin V. G., Chernova G. V. Digitalization and cyber risks // Management consulting. 2023. №7 (175). URL: https://cyberleninka.ru/article/n/tsifrovizatsiya-i-kiberriski DOI: https://doi.org/10.22394/1726-1139-2023-7-28-41
12. Avanesov A.A. Problems of cyber risk insurance // Economic development of Russia. 2025. №6. URL: https://cyberleninka.ru/article/n/problemy-strahovaniya-kiberriskov EDN: https://elibrary.ru/KGTGJC
13. Zhdanova O.A., Maksimova E.A. Cyber risks of making transactions with digital financial assets as financing instruments // Innovation and investment. 2023. №10. URL: https://cyberleninka.ru/article/n/kiberriski-soversheniya-sdelok-s-tsifrovymi-finansovymi-aktivami-kak-instrumentami-finansirovaniya EDN: https://elibrary.ru/HWDKWX
14. Margamov A.R. Cyber risk management based on the principles of functioning of the digital security system // Industrial Economy. 2023. №5. URL: https://cyberleninka.ru/article/n/upravlenie-kiberriskami-s-uchetom-printsipov-funktsionirovaniya-sistemy-tsifrovoy-bezopasnosti DOI: https://doi.org/10.47576/2949-1886_2023_5_15; EDN: https://elibrary.ru/SVEBQB
15. Abdullaev E. A. Cybersecurity: Challenges and protection strategies in the digital age / E. A. Abdullaev. Text : direct // Young scientist. 2023. No. 33 (480). pp. 8-9. URL: https://moluch.ru/archive/480/105493 EDN: https://elibrary.ru/NSLSKY
16. Grankina Ya. A., Baymedetov S. D. Cybersecurity in the modern world: threats and methods of protection // Bulletin of Science. 2024. №11 (80). URL: https://cyberleninka.ru/article/n/kiberbezopasnost-v-sovremennom-mire-aktualnye-ugrozy-i-metody-zaschity
17. Zhirkov G. S., Gotovtseva O. G. The main threats to cybersecurity: an overview of current trends and challenges // Bulletin of Science. 2025. №8 (89). URL: https://cyberleninka.ru/article/n/osnovnye-ugrozy-kiberbezopasnosti-obzor-sovremennyh-trendov-i-vyzovov
18. Kambulov D.A. Threats to cybersecurity // StudNet. 2021. No. 7. URL: https://cyberleninka.ru/article/n/ugrozy-kiberbezopasnosti EDN: https://elibrary.ru/YDMMKS
19. Menlieva A., Ballyeva N., Garyagdieva K. Threat and risk analysis: choosing effective cybersecurity measures for organizations // Bulletin of Science. 2024. №10 (79). URL: https://cyberleninka.ru/article/n/ugroza-i-analiz-riskov-vybor-effektivnyh-meropriyatiy-kiberbezopasnosti-dlya-organizatsii
20. Global Report J.S. Held 2025: Effective Cyber Risk Management. March 26, 2025 – URL: https://www.appercase.ru/news/59006 /?ysclid=minqptnefo81185279
21. Information security risk management. Information technology. Security techniques. Information security risk management. GOST R ISO/IEC 27005-2010. OKS 35.040. – URL: https://normativ.kontur.ru/document?moduleId=9&documentId=225742&ysclid=minqxlqg9e946376626
22. In 2025, businesses were exposed to cyber attacks 38% more often. – URL: https://allo.tochka.com/news/kiberataki-2025?ysclid=mip87so44c684934570
