Step-by-Step Guide to Creating a Cyber Risk Assessment Tool for Small Businesses
Source: Dev.to
Understanding Cyber Risk Scoring
At its core, risk assessment is based on a simple formula:
\[ \text{Risk Score} = \text{Likelihood} \times \text{Impact} \]
- Likelihood – probability that a threat will occur
- Impact – damage if the threat occurs
For small businesses we can use a 1‑5 scale:
| Score | Meaning |
|---|---|
| 1 | Very Low |
| 2 | Low |
| 3 | Moderate |
| 4 | High |
| 5 | Very High |
This keeps things simple and practical.
Designing the Risk Matrix
If both Likelihood and Impact range from 1‑5:
- Minimum Risk = 1 × 1 = 1
- Maximum Risk = 5 × 5 = 25
Risk levels can be categorized as:
| Score Range | Risk Level |
|---|---|
| 1–5 | Low |
| 6–12 | Medium |
| 13–19 | High |
| 20–25 | Critical |
These thresholds give clear decision points.
Creating the HTML Structure
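```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Cyber Risk Assessment Tool</title>
  <!-- Styles from style.css (next section) -->
  <link rel="stylesheet" href="style.css">
</head>
<body>
  <!-- .container is the wrapper class that style.css styles -->
  <div class="container">
    <h2>Cyber Risk Assessment Tool</h2>
    <label for="likelihood">Likelihood (1‑5):</label>
    <input id="likelihood" type="number" min="1" max="5">
    <label for="impact">Impact (1‑5):</label>
    <input id="impact" type="number" min="1" max="5">
    <button onclick="calculateRisk()">Calculate Risk</button>
    <div id="result" class="result"></div>
  </div>
  <!-- Scoring logic from script.js; loaded last so the elements above exist -->
  <script src="script.js"></script>
</body>
</html>
```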
Styling with Basic CSS
```css
/* style.css */
.container {
  max-width: 400px;
  margin: 40px auto;
  padding: 20px;
  border-radius: 8px;
  box-shadow: 0 4px 10px rgba(0,0,0,0.1);
  font-family: Arial, sans-serif;
}

input, button {
  width: 100%;
  padding: 8px;
  margin-bottom: 10px;
  box-sizing: border-box;
}

button {
  background: #0a66c2;
  color: white;
  border: none;
  cursor: pointer;
}

.result {
  margin-top: 15px;
  font-weight: bold;
}
```
Writing the JavaScript Logic
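```javascript
// script.js
function calculateRisk() {
  // Number() rejects partial input such as "3abc", which parseInt() would read as 3.
  const likelihood = Number(document.getElementById("likelihood").value);
  const impact = Number(document.getElementById("impact").value);
  const resultEl = document.getElementById("result");

  // The min/max attributes on the inputs are not enforced when the value is
  // read from script, so the 1-5 integer range is checked here as well.
  // Without this, 10 x 10 would be reported as a score of 100.
  const inRange = (n) => Number.isInteger(n) && n >= 1 && n <= 5;
  if (!inRange(likelihood) || !inRange(impact)) {
    resultEl.innerText = "Please enter valid values.";
    return;
  }

  const score = likelihood * impact;

  // Map the score onto the thresholds from the risk matrix.
  let level = "";
  if (score <= 5) {
    level = "Low Risk";
  } else if (score <= 12) {
    level = "Medium Risk";
  } else if (score <= 19) {
    level = "High Risk";
  } else {
    level = "Critical Risk";
  }

  // innerText writes plain text, so nothing here is parsed as HTML.
  resultEl.innerText = `Risk Score: ${score} (${level})`;
}
```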
That’s all you need for a functioning risk calculator.
Making It More Realistic for Small Businesses
Consider pre‑defining common threat categories:
- Phishing attacks
- Weak passwords
- Unpatched software
- Insider threats
- Ransomware
You could let users:
- Select a threat type
- Indicate mitigation status
- Assign weight factors (e.g., multiply the final score by 1.2 if data sensitivity is high)
These extensions make the tool more aligned with real‑world risk factors.
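The sketch below shows one way these extensions could fit together. It is an added example, not code from the original article: the mitigation factors, field names and sample values are assumptions, and only the 1.2 sensitivity weight and the level thresholds come from the text above. The score is clamped to 25 because a weighted score (5 × 5 × 1.2 = 30) would otherwise leave the 1–25 matrix.

```javascript
// Added example: mitigation factors and sample threats are assumptions, not from the article.
const MITIGATION_FACTOR = new Map([["none", 1.0], ["partial", 0.75], ["full", 0.5]]);
const SENSITIVITY_WEIGHT = 1.2; // the article's example weight for high data sensitivity
const MAX_SCORE = 25;           // 5 x 5, top of the article's risk matrix

function riskLevel(score) {
  if (score <= 5) return "Low";
  if (score <= 12) return "Medium";
  if (score <= 19) return "High";
  return "Critical";
}

function scoreThreat({ name, likelihood, impact, mitigation = "none", sensitiveData = false }) {
  const inRange = (n) => Number.isInteger(n) && n >= 1 && n <= 5;
  if (!inRange(likelihood) || !inRange(impact)) {
    throw new RangeError(`${name}: likelihood and impact must be integers from 1 to 5`);
  }
  if (!MITIGATION_FACTOR.has(mitigation)) {
    throw new RangeError(`${name}: unknown mitigation status "${mitigation}"`);
  }
  const raw = likelihood * impact;
  let adjusted = raw * MITIGATION_FACTOR.get(mitigation);
  if (sensitiveData) adjusted *= SENSITIVITY_WEIGHT;
  // Round, then clamp so the result stays on the 1-25 scale the thresholds expect.
  const score = Math.min(MAX_SCORE, Math.max(1, Math.round(adjusted)));
  return { name, raw, score, level: riskLevel(score) };
}

// Score every threat and list the highest risk first.
function buildRegister(threats) {
  return threats.map(scoreThreat).sort((a, b) => b.score - a.score);
}

// Constructed sample input using the article's threat categories.
const sampleThreats = [
  { name: "Phishing attacks", likelihood: 4, impact: 4, mitigation: "partial", sensitiveData: true },
  { name: "Weak passwords", likelihood: 3, impact: 3, mitigation: "none" },
  { name: "Unpatched software", likelihood: 5, impact: 5, mitigation: "none", sensitiveData: true },
  { name: "Ransomware", likelihood: 2, impact: 5, mitigation: "full" },
];

console.table(buildRegister(sampleThreats));
```

Keeping the raw score next to the adjusted one lets a reviewer see how much of the rating depends on a claimed mitigation rather than on the threat itself.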
Adding Risk Color Indicators (Optional Upgrade)
```javascript
// Extend calculateRisk() with visual feedback
function calculateRisk() {
  const likelihood = Number(document.getElementById("likelihood").value);
  const impact = Number(document.getElementById("impact").value);
  const resultEl = document.getElementById("result");

  // Enforce the 1-5 integer range in script; the inputs' min/max attributes
  // do not constrain values read this way.
  const inRange = (n) => Number.isInteger(n) && n >= 1 && n <= 5;
  if (!inRange(likelihood) || !inRange(impact)) {
    resultEl.innerText = "Please enter valid values.";
    resultEl.style.color = ""; // clear any colour left from a previous result
    return;
  }

  const score = likelihood * impact;
  let level = "";
  let color = "";
  if (score <= 5) {
    level = "Low Risk";
    color = "green";
  } else if (score <= 12) {
    level = "Medium Risk";
    color = "orange";
  } else if (score <= 19) {
    level = "High Risk";
    color = "red";
  } else {
    level = "Critical Risk";
    color = "darkred";
  }

  resultEl.innerText = `Risk Score: ${score} (${level})`;
  resultEl.style.color = color;
}
```
Visual cues improve usability significantly.
Why This Matters for Small Businesses
- Many lack dedicated IT security teams
- Password reuse and delayed updates are common
- Cyber threats are often underestimated
A lightweight assessment tool helps them:
- Identify high‑priority threats
- Justify security investments
- Improve compliance readiness
- Reduce financial exposure
It turns abstract fear into measurable data.
Taking It Further
- Save results with LocalStorage
- Export risk reports as PDF
- Add charts using Chart.js
- Implement multi‑threat scoring
- Integrate with frameworks such as ISO 27001
The core architecture stays simple while the value grows.
Final Thoughts
Building a Cyber Risk Assessment Tool doesn’t require complex frameworks. With basic HTML, CSS, and JavaScript you can deliver a practical solution that helps small businesses understand their security exposure.
A live example is available here: Cybersecurity Risk Score Calculator