This study addresses heightened digital security and privacy threats faced by high-risk user groups—including children, activists, and women in developing regions—whose vulnerabilities are exacerbated by identity, behavior, or environmental factors. Method: Through a systematic literature review (SoK), meta-analysis, and qualitative coding of 95 empirical studies, the work synthesizes evidence across diverse contexts. Contribution/Results: It introduces, for the first time, a unified taxonomy of ten cross-cutting risk contextual factors (e.g., marginalization, exposure to sensitive resources) and concurrently models both technical and non-technical protective practices alongside their critical adoption barriers. The resulting reusable theoretical framework advances inclusive security design and has been widely cited in HCI and cybersecurity research, informing subsequent studies, policy development, and real-world product implementation.

At-risk users are people who experience risk factors that augment or amplify their chances of being digitally attacked and/or suffering disproportionate harms. In this systematization work, we present a framework for reasoning about at-risk users based on a wide-ranging meta-analysis of 95 papers. Across the varied populations that we examined (e.g., children, activists, people with disabilities), we identified 10 unifying contextual risk factors —such as marginalization and access to a sensitive resource —that augment or amplify digital-safety risks and their resulting harms. We also identified technical and non-technical practices that at-risk users adopt to attempt to protect themselves from digital-safety risks. We use this framework to discuss barriers that limit at-risk users’ ability or willingness to take protective actions. We believe that researchers and technology creators can use our framework to identify and shape research investments to benefit at-risk users, and to guide technology design to better support at-risk users.