Beyond Security Awareness: A Scoping Review of Human Factors in SME Cyber Resilience Frameworks (2018-2026)

Open Access
Article
Conference Proceedings
Authors: Jonathan Thelen
Abstract

Small and medium-sized enterprises (SMEs) face cyber-attacks with disproportionate impact and limited capacity, yet the human-factors (HF) dimension of cyber resilience for this population remains methodologically heterogeneous. This scoping review maps how cyber resilience and cybersecurity frameworks for SMEs published between January 2018 and May 2026 operationalize HF constructs. Following PRISMA-ScR, we identified 482 records from four databases (Scite, Elicit, OpenAlex, Semantic Scholar) via twelve productive searches, including both keyword-style queries and an apples-to-apples replay of the same Scite Boolean strings on the keyword-indexed engines. After deduplication we screened 345 unique titles, assessed 126 for full-text eligibility, and synthesized 52 chart-eligible frameworks. To address abstract-only charting risk, all 52 frameworks were read in full text and the coding re-validated against the original PDF. Security awareness dominates the SME HF lexicon (40/52, 77%); decision support (52%) and behavior change (44%) follow at moderate distance. Usability evaluation (12%), incident-response HF (13%), explicit technology acceptance (10%), trust modeling (10%), and cognitive workload (4%) remain underrepresented. Operationalization skews toward narrative process descriptions and single-item markers; metric-level operationalization and validated interventions are rare. We conclude with a research agenda for HF-explicit SME cyber resilience frameworks.

Keywords: Cyber Resilience, SMEs, Human Factors, Scoping Review, Cybersecurity Framework, Usability, Technology Acceptance, Trust.

DOI: 10.54941/ahfe1007418
