In the contemporary digital economy, small and medium-sized enterprises (SMEs) increasingly rely on Information Technology (IT) systems to support their operations, enhance competitiveness, and drive innovation. However, this digital dependence exposes SMEs to escalating cybersecurity threats, while they operate with limited cybersecurity resources, immature governance structures, and inadequate awareness of emerging digital risks. This study maps research trends worldwide on IT governance for cybersecurity in SMEs between 2015 and 2025 through bibliometric analysis, aiming to identify the intellectual structure, thematic evolution, and emerging gaps in knowledge in this field. Data were retrieved from the Scopus database and analysed using VOSviewer to identify keyword co-occurrences, publication patterns, and subject areas. The findings reveal IT governance as the intellectual core linking cybersecurity and risk management, while legal compliance is an emerging concern influenced by regulations such as the General Data Protection Regulation and POPIA. However, decision-making, data security, and cyber-attack response remain under-researched. The study concludes that current literature is concentrated on strategic discourse, lacks operational depth, and shows geographic disparities. It calls for context-sensitive, simplified governance models, cross-country studies, and empirical research integrating cultural, legal, and human dimensions to strengthen SME cybersecurity resilience.

Keywords

IT Governance, Cybersecurity, Small and Medium-Sized Enterprises (SMEs), Risk Management, and Legal Compliance