Step-by-Step Guide to Creating a Cyber Risk Assessment Tool for Small Businesses

Jozam Chahenza — Fri, 20 Feb 2026 16:10:51 +0000

Cybersecurity is no longer optional for small businesses. Even companies with fewer than 10 employees are targeted by phishing attacks, ransomware, credential theft, and data breaches.

The problem? Most small businesses don’t have a dedicated security team — and enterprise risk tools are expensive and complex.

In this guide, we’ll build a simple Cyber Risk Assessment Tool using HTML, CSS, and JavaScript. By the end, you’ll have a working calculator that:

Evaluates risk using Likelihood × Impact

Assigns risk levels (Low, Medium, High, Critical)

Works entirely in the browser

Requires no external libraries

Let’s get started.

1. Understanding Cyber Risk Scoring

At its core, risk assessment is based on a simple formula:

Risk Score = Likelihood × Impact

Where:

Likelihood = Probability that a threat will occur

Impact = Damage if the threat occurs

For small businesses, we can use a 1–5 scale:

Score Meaning
1 Very Low
2 Low
3 Moderate
4 High
5 Very High

This keeps things simple and practical.

2. Designing the Risk Matrix

If Likelihood and Impact both range from 1–5:

Minimum Risk = 1 × 1 = 1

Maximum Risk = 5 × 5 = 25

We can categorize risk levels like this:

1–5 → Low

6–12 → Medium

13–19 → High

20–25 → Critical

This gives us clear decision thresholds.

3. Creating the HTML Structure

Here’s a simple interface:

Cyber Risk Assessment Tool

Likelihood (1-5):

Impact (1-5):

Calculate Risk

4. Styling with Basic CSS

.container {
max-width: 400px;
margin: 40px auto;
padding: 20px;
border-radius: 8px;
box-shadow: 0 4px 10px rgba(0,0,0,0.1);
font-family: Arial, sans-serif;
}

input {
width: 100%;
padding: 8px;
margin-bottom: 10px;
}

button {
width: 100%;
padding: 10px;
background: #0a66c2;
color: white;
border: none;
cursor: pointer;
}

result {

margin-top: 15px;
font-weight: bold;
}

5. Writing the JavaScript Logic

Now the core functionality:

function calculateRisk() {
const likelihood = parseInt(document.getElementById("likelihood").value);
const impact = parseInt(document.getElementById("impact").value);

if (!likelihood || !impact) {
document.getElementById("result").innerText = "Please enter valid values.";
return;
}

const score = likelihood * impact;
let level = "";

if (score <= 5) {
level = "Low Risk";
} else if (score <= 12) {
level = "Medium Risk";
} else if (score <= 19) {
level = "High Risk";
} else {
level = "Critical Risk";
}

document.getElementById("result").innerText =
Risk Score: ${score} (${level});
}

That’s it. You now have a functioning risk calculator.

6. Making It More Realistic for Small Businesses

To make the tool practical, you can pre-define common threats:

Phishing attacks

Weak passwords

Unpatched software

Insider threats

Ransomware

You could allow users to:

Select threat type

Add mitigation status

Assign weight factors

For example, if data sensitivity is high, multiply the final score by 1.2.

7. Adding Risk Color Indicators (Optional Upgrade)

You can visually represent risk levels:

if (score <= 5) {
level = "Low Risk";
result.style.color = "green";
} else if (score <= 12) {
level = "Medium Risk";
result.style.color = "orange";
} else if (score <= 19) {
level = "High Risk";
result.style.color = "red";
} else {
level = "Critical Risk";
result.style.color = "darkred";
}

Visual feedback improves usability significantly.

8. Why This Matters for Small Businesses

Small businesses often:

Lack dedicated IT security teams

Reuse passwords

Skip regular software updates

Underestimate cyber threats

A lightweight risk assessment tool helps them:

Identify high-priority threats

Justify security investments

Improve compliance readiness

Reduce financial exposure

It transforms cybersecurity from abstract fear into measurable data.

9. Taking It Further

You can expand this tool by:

Saving results using LocalStorage

Exporting risk reports as PDF

Adding charts with Chart.js

Creating multi-threat scoring

Integrating with compliance frameworks like ISO 27001

The architecture remains simple, but the value increases.

10. Final Thoughts

Building a Cyber Risk Assessment Tool doesn’t require complex frameworks. With basic HTML, CSS, and JavaScript, you can create a practical solution that helps small businesses understand their security exposure.

Here's is a live example of a fully working Cybersecurity Risk Score Calculator.

DEV Community: Jozam Chahenza