Abstract

This paper is a literature review of articles published in various journals and conference proceedings, examining the resilience of small and medium-sized enterprises (SMEs) in Saudi Arabia against cyberattacks, drawing on 19 peer-reviewed studies published between 2020 and 2025, the synthesis integrates empirical surveys, case studies, policy analyses, and comparative research. It intends to help scholars interested in the topic by presenting the issues that have been stated in the review. This review paper also highlights open topics that can be undertaken in future research, The findings reveal that SME resilience is multidimensional, shaped by four interdependent pillars: technological tools, organizational strategies, policy support, and employee training and awareness. Despite notable progress under Saudi’s Vision 2030, gaps persist in awareness, enforcement, and sectoral readiness. This review concludes with recommendations for policymakers, practitioners, and SME leaders, while highlighting limitations and future research opportunities in longitudinal assessments, sector-specific analyses, and evaluations of emerging technologies.

Keywords

  • Cyberattack
  • resilience
  • SMEs
  • Saudi Arabia

References

  1. Adriko, A., & Nurse, J. R. C. (2024). Opportunities for cyber insurance to address the challenges of cyberattacks: Repercussions for SMEs. University of Sharjah Journal of Law Sciences, 22(1), 560–607. https://doi.org/10.36394/jls.v22.i1.20
  2. Ahmed, N. N., & Nanath, K. (2021). Exploring cybersecurity ecosystem in the Middle East: Towards an SME recommender system. Journal of Cyber Security and Mobility, 511-536.
  3. Albalawi, K. (2025). Opportunities for Cyber Insurance to Address the Challenges of Cyber Attacks: Repercussions for SMEs, University of Sharjah Journal for Law Sciences, 22(1). https//:doi.org/10.36394/jls.v22.i1.20
  4. Alghamdi, S., & Abuabid, A. (2023). IoT Safeguarding in Saudi Tourism Sector: Crafting a Preliminary Security Model for Enhancing Cyber Resilience. International Journal on Recent and Innovation Trends in Computing and Communication, 11(9), 3847-3859.
  5. Alghamdi, M., Alomari, S., & Alkatheri, M. (2024). Adopting Government Cyber Security Initiatives-A study of SMEs in Saudi Arabia. INTERNATIONAL JOURNAL, 3(10), 251-319.
  6. Alharbi, F. (2025). Twelve Years of Cyber Resilience: Analyzing Cyberattacks in Saudi Arabia (2012-2024). TEM Journal, 14(2).
  7. Al-Hawamleh, A. M. (2024). Investigating the multifaceted dynamics of cybersecurity practices and their impact on the quality of e-government services: evidence from the KSA. Digital Policy, Regulation and Governance, 26(3), 317-336.
  8. Alhejaili, M. O. M. (2024). SECURING THE KINGDOM'S E-COMMERCE FRONTIER: EVALUATION OF SAUDI ARABIA'S CYBERSECURITY LEGAL FRAMEWORKS. Journal of Governance and Regulation/Volume. virtusinterpress. Org.
  9. Almoaigel, M. F., & Abuabid, A. (2023). Implementation of Cybersecurity Situation Awareness Model in Saudi SMES. International Journal of Advanced Computer Science & Applications, 14(11).
  10. Alorabi, S., & Abuanzeh, R. (2024). The Role of Risk Management in Enhancing Cybersecurity for Small and Medium Enterprises (SMEs) in Saudi Arabia “Applied Study”. International Journal of Financial, Administrative and Economic Sciences, London Vol (3), No (10), 2024. https://doi.org/10.59992/IJFAES.2024.v3n10p7
  11. Al Oraini, B. (2024). The moderating role of organizational readiness on the blockchain adoption in supply chain among Saudi SMEs. Uncertain Supply Chain Management 12 (2024) 2479–2488. doi: 10.5267/j.uscm.2024.5.021
  12. Al-Somali, S. A., Saqr, R. R., Asiri, A. M., & Al-Somali, N. A. (2024). Organizational cybersecurity systems and sustainable business performance of small and medium enterprises (SMEs) in Saudi Arabia: The mediating and moderating role of cybersecurity resilience and organizational culture. Sustainability, 16(5), 1880.
  13. Al-Zahrani, A. A., & Al-Salloum, O. I. (2025). Success Factors in Achieving Excellence in Cybersecurity (A Case Study of the Kingdom of Saudi Arabia). International Journal of Research and Studies Publishing, 6(68), 59-87.
  14. Asfahani, A. M. (2024). Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis. International Journal of Information Security, 23(4), 2515-2530.
  15. Elmaasrawy, H. E., & Tawfik, O. I. (2025). Impact of the assertive and advisory role of internal auditing on proactive measures to enhance cybersecurity: Evidence from GCC. Journal of Science and Technology Policy Management, 16(1), 68-93.
  16. GCC, A. (2024). Forecasting cybersecurity indices for GCC countries: Implications for SMEs. Arabian Journal of Information Security, 5(2), 89–104. https://doi.org/10.1109/AJIS.2024.10234
  17. Naqvi, B., Perova, K., Farooq, A., Makhdoom, I., Oyedeji, S., and Porras, J. (2023). Mitigation strategies against the phishing attacks: A systematic literature review. Computers & Security, 132:103387.
  18. Patterson, C.M., Nurse, J.R.C., and Franqueira, V. N. L. (2023). Learning from cyber security incidents: A systematic review and future research agenda. Computers & Security, 132:103309.
  19. Rawindaran, N., Nawaf, L., Alarifi, S., Alghazzawi, D., Carroll, F., Katib, I., & Hewage, C. (2023). Enhancing cyber security governance and policy for SMEs in industry 5.0: a comparative study between Saudi Arabia and the United Kingdom. Digital, 3(3), 200-231.
  20. Renaud, K., & Ophoff, J. (2021). A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs. Organizational Cybersecurity Journal: Practice, Process and People, 1(1), 24-46.
  21. Varma, A. J., Taleb, N., Said, R. A., Ghazal, T. M., Ahmad, M., Alzoubi, H. M., & Alshurideh, M. (2023). A roadmap for SMEs to adopt an AI based cyber threat intelligence. In The effect of information technology on business and marketing intelligence systems (pp. 1903-1926). Cham: Springer International Publishing.