Cybersecurity is no longer optional for small businesses. Even companies with fewer than 10 employees are targeted by phishing attacks, ransomware, credential theft, and data breaches.
The problem? Most small businesses don’t have a dedicated security team — and enterprise risk tools are expensive and complex.
In this guide, we’ll build a simple Cyber Risk Assessment Tool using HTML, CSS, and JavaScript. By the end, you’ll have a working calculator that:
Evaluates risk using Likelihood × Impact
Assigns risk levels (Low, Medium, High, Critical)
Works entirely in the browser
Requires no external libraries
Let’s get started.
1. Understanding Cyber Risk Scoring
At its core, risk assessment is based on a simple formula:
Risk Score = Likelihood × Impact
Where:
Likelihood = Probability that a threat will occur
Impact = Damage if the threat occurs
For small businesses, we can use a 1–5 scale:
Score Meaning
1 Very Low
2 Low
3 Moderate
4 High
5 Very High
This keeps things simple and practical.
2. Designing the Risk Matrix
If Likelihood and Impact both range from 1–5:
Minimum Risk = 1 × 1 = 1
Maximum Risk = 5 × 5 = 25
We can categorize risk levels like this:
1–5 → Low
6–12 → Medium
13–19 → High
20–25 → Critical
This gives us clear decision thresholds.
3. Creating the HTML Structure
Here’s a simple interface:
Cyber Risk Assessment Tool
Likelihood (1-5):
Impact (1-5):
Calculate Risk
4. Styling with Basic CSS
.container {
max-width: 400px;
margin: 40px auto;
padding: 20px;
border-radius: 8px;
box-shadow: 0 4px 10px rgba(0,0,0,0.1);
font-family: Arial, sans-serif;
}
input {
width: 100%;
padding: 8px;
margin-bottom: 10px;
}
button {
width: 100%;
padding: 10px;
background: #0a66c2;
color: white;
border: none;
cursor: pointer;
}
result {
margin-top: 15px;
font-weight: bold;
}
5. Writing the JavaScript Logic
Now the core functionality:
function calculateRisk() {
const likelihood = parseInt(document.getElementById("likelihood").value);
const impact = parseInt(document.getElementById("impact").value);
if (!likelihood || !impact) {
document.getElementById("result").innerText = "Please enter valid values.";
return;
}
const score = likelihood * impact;
let level = "";
if (score <= 5) {
level = "Low Risk";
} else if (score <= 12) {
level = "Medium Risk";
} else if (score <= 19) {
level = "High Risk";
} else {
level = "Critical Risk";
}
document.getElementById("result").innerText =
Risk Score: ${score} (${level});
}
That’s it. You now have a functioning risk calculator.
6. Making It More Realistic for Small Businesses
To make the tool practical, you can pre-define common threats:
Phishing attacks
Weak passwords
Unpatched software
Insider threats
Ransomware
You could allow users to:
Select threat type
Add mitigation status
Assign weight factors
For example, if data sensitivity is high, multiply the final score by 1.2.
7. Adding Risk Color Indicators (Optional Upgrade)
You can visually represent risk levels:
if (score <= 5) {
level = "Low Risk";
result.style.color = "green";
} else if (score <= 12) {
level = "Medium Risk";
result.style.color = "orange";
} else if (score <= 19) {
level = "High Risk";
result.style.color = "red";
} else {
level = "Critical Risk";
result.style.color = "darkred";
}
Visual feedback improves usability significantly.
8. Why This Matters for Small Businesses
Small businesses often:
Lack dedicated IT security teams
Reuse passwords
Skip regular software updates
Underestimate cyber threats
A lightweight risk assessment tool helps them:
Identify high-priority threats
Justify security investments
Improve compliance readiness
Reduce financial exposure
It transforms cybersecurity from abstract fear into measurable data.
9. Taking It Further
You can expand this tool by:
Saving results using LocalStorage
Exporting risk reports as PDF
Adding charts with Chart.js
Creating multi-threat scoring
Integrating with compliance frameworks like ISO 27001
The architecture remains simple, but the value increases.
10. Final Thoughts
Building a Cyber Risk Assessment Tool doesn’t require complex frameworks. With basic HTML, CSS, and JavaScript, you can create a practical solution that helps small businesses understand their security exposure.
Here's is a live example of a fully working Cybersecurity Risk Score Calculator.
Top comments (0)