The article solves the scientific problem of analyzing approaches to solving the problem of cybersecurity risk management in small and medium-sized businesses (SMEs). The presence of a significant problem field of research, despite the presence of a significant number of cybersecurity incidents, raises the issue of expanding research practices and finding areas for further work on developing solutions to respond to the onset of risky events. The purpose of the article is to model the cybersecurity risk management process in order to achieve strategic goals and ensure the achievement of key performance indicators for small and medium-sized businesses (SMEs). The designated goal is decomposed into the following tasks: research of approaches to cybersecurity risk management, analysis of empirical and practical data on cyber risks, identification of relevant measures for managing cyber risks for SMEs, development of recommendations for improving the effectiveness of risk management for SMEs and directions for studying various aspects of analyzing their effectiveness and investing in such risk management systems. The author's contribution consists in the fact that with the help of an empirical analysis of cyber risk management in SMEs based on research materials, as well as an analysis of trends characterized by scientists and researchers in the field of cyber risks, conclusions were drawn about the list of relevant areas for the formation of cyber risk management systems. The article will be of interest to anyone who is engaged in cyber risk management in small and medium-sized organizations in practice.
Tsoy et al. (Thu,) studied this question.