Introduction

In the last two decades, the concept of smart cities has grown more and more popular. The concept of a smart city was first defined in the mid-1800s to describe highly efficient and self-governed cities in Western America (Yigitcanlar et al., 2018). With the rapid development of the internet in the 1990s, the concept of smart cities officially entered the public discourse, aiming to solve social problems caused by ‘urban sprawl’ and to manage disasters through innovative use of information and communication technologies (ICTs) (Albino et al., 2015). Previous studies have shown that smart cities also play a significant role in promoting technological innovation, spurring a stronger economy, maintaining a sustainable environment and improving quality of life for citizens (Zhu et al., 2025; Qian et al., 2021; Yu et al., 2020). In terms of disaster risk reduction, both studies and practices have shown that smart cities can greatly improve disaster risk monitoring and early warning capabilities, the collaborative efficacy of multiple participants, and public emergency participation by integrating advanced technologies such as big data, large language models (such as ChatGpt 4.0 and Deepseek) and ICTs (Dang et al., 2025; Li et al., 2024; Ariyachandra et al., 2023; Zhu et al., 2022).

Although smart city technologies and policies have provided effective methods for emergency management, the complex and interdependent nature of smart cities also creates new vulnerabilities and threats. First, the multi-source heterogeneous network, the rapid flow of data and the frequent interaction of various intelligent devices are positioning smart cities to face more and more threats related to cybersecurity, information security and privacy (Abreu et al., 2025; Ismagilova et al., 2022; Zhang et al., 2017). For example, a research report from the University of Cambridge showed that the disinformation online caused 800 deaths worldwide during the coronavirus disease 2019 (COVID-19) pandemic between January and March 2020 (Islam et al., 2020). Furthermore, information leakage or improper sharing can lead to a series of non-traditional security problems and even endanger political security and national security. Second, smart city programmes substantially impact the everyday lives of individuals and local communities, especially when considering the rapid development and application of various artificial intelligence (AI) tools (such as ChatGpt, DeepSeek and Gemini), which can convert to social risks and threaten societies, as well as smart city programme objectives (Ortiz-Bonnin and Blahopoulou, 2025; Shayan and Kim, 2023). For example, the advent of autonomous vehicles brings profound changes to transportation while introducing new challenges, especially regarding traffic regulation compliance (Pang et al., 2025). Previous studies have discussed a lot of social risks such as disempowerment, social exclusion, discrimination and emerging ethical problems caused by the development of smart cities (Jang and Gim, 2022; Caragliu and Del Bo, 2022; Chang, 2021). Third, due to the rapid development of ICTs, the human–cyber–physical boundary in smart cities has been breached, and risks in one field are easily spreading to other fields and even provoking new risks. For example, during 2020, COVID-19 evolved from an initial public health event into a profound international public crisis, exerting devastating impacts on public health, the global economy and society (Eoh et al., 2025; Hu and Liu, 2022).

In fact, existing research mainly focuses on the positive role of smart city construction in disaster risk management, particularly emphasising the technical advantages of smart city technologies such as big data, blockchains, the Internet of Things (IoT) and AI in disaster risk monitoring and early warning, emergency resources management, and emergency information management (Alsamhi et al., 2019; Alkhatib et al., 2019; Park et al., 2018). Some papers have also discussed the promotional effect of the smart emergency platform on the efficiency of multi-agent collaborative emergency responses (Wang and Chen, 2022; Zhu et al., 2022). In addition, as any effective smart city proposal must consider both the technological and policy challenges to be optimally beneficial to the city, some scholars have also emphasised the importance of emergency policy reform for smart cities (Wang et al., 2025; Soyata et al., 2019). However, few studies to date have focused on the new types of disaster risks that arise during the construction and development of smart cities. Therefore, it is necessary to explore the influencing factors of new disaster risks in smart cities and their relationships, clarify the main sources and characteristics of new disaster risks in smart cities and point out directions for the emergency management of smart cities, which can not only enrich risk studies of smart cities but also provide important references for the emergency management of smart cities.

Related works on new disaster risks of smart cities

With the acceleration of smart city construction, while smart technologies are improving urban economic benefits and optimising government services, smart risks are also becoming increasingly prominent. Most existing studies have analysed the risks of smart cities from a single perspective, such as information security (Alabsi and Gill, 2025; Apata et al., 2023), technology risks (Ullah et al., 2021; Sookhat et al., 2019), organisational risks (Gupta and Hall., 2021), or social risks (Ottenburger and Ufer, 2023; Shayan and Kim, 2023; Wang et al., 2021), but few studies to date have conducted systematic identification and analysis of new disaster risks in smart cities. Therefore, the present study systematically analysed new risks of smart cities by reviewing existing studies and current practices of smart city emergency management. Specifically, we first retrieved and screened both Chinese- and English-language papers studying new disaster risks of smart cities, and, after reviewing and discussing the selected papers and consulting experts in the field of smart city and emergency management, we finally classified new disaster risks of smart cities into six aspects—namely, people, infrastructure, technology, information, the internet and policies. The detailed identification process of relevant literature selection is shown in Fig. 1.

Fig. 1: Identification process of relevant literatures.
Fig. 1: Identification process of relevant literatures.
Full size image

It shows the selective process of relevant studies used for the literature review. CNKI represents the China National Knowledge Infrastructure, WOS represents Web of Science, CSSCI represents Chinese Social Sciences Citation Index, SCI represents Science Citation Index Expanded, and SSCI represents Social Sciences Citation Index.

Risk factors related to people

People are the builders and managers of smart cities, and their behaviours directly determine the performance of smart city construction to some extent. Therefore, the role and behaviour irregularities of people are the primary source of smart city risks. Specifically, new disaster risk factors related to people mainly include four aspects, as follows: (1) Risk perception. In fact, people-oriented and public participation have become the basic principles of smart city construction (Liu and Han, 2025; Han et al., 2022); therefore, the public’s risk perceptions will directly affect the disaster risks of smart cities (Zou et al., 2019). (2) Mis-operation. The development of smart city management and service platforms relies on the deep integration of various intelligent technologies; once managers make operational mistakes in the process of system management, it is possible to experience huge adverse consequences or even paralysis of the entire smart city system (Chen et al., 2020). (3) Intentional behaviour. As various management and service platforms of smart cities exemplify the deep integration of multiple intelligent technologies, there are inevitably security loopholes in the process of their development, operation and maintenance, which provide an opportunity for criminals to steal and sell user information. For example, in 2016, suspect Wang stole personal information from a medical service system and sold it. According to statistics, the scale of China’s underground information trading industry chain has exceeded 10 billion records (Leng, 2019). (4) Psychological factors. The rapid development of modern information technologies in smart cities has significantly increased the amount of information being exchanged, resulting in increased difficulty for users to screen out effective information, leading to a sense of powerlessness and even information anxiety in information screening and use and resulting in risks such as increased social volume and dissipation of individual rationality (Chen and Liu, 2023).

Risk factors related to infrastructure

Technological advances have enabled many cities to consider implementing smart city infrastructure to provide in-depth insights into different data points and enhance the lives of citizens. Unfortunately, these new technological implementations also entice adversaries and cybercriminals to execute cyberattacks and commit criminal acts on these modern infrastructures (Tok and Chattopadhyay, 2023). The infrastructure in smart cities can be divided into physical and information infrastructure (or digital infrastructure), and the risks originating from infrastructure can also be divided into physical and information infrastructure risks. In considering physical infrastructure risks, critical infrastructure with networks and energy as the core is not only threatened by the risk of natural disasters but also by new risks of its own making (Chang et al., 2014). The physical infrastructure in smart cities (e.g. heating elements, switches, valves, filters and smartphones) has actuators that adjust and control equipment, rather than sensors that measure things, which means that those who can compromise these systems have the potential to cause physical damage to users in addition to data theft or denial-of-service attacks (Habibzadeh et al., 2019). Second, there is a vulnerability risk arising from the information infrastructure. While the intelligence of a smart city infrastructure does not necessarily increase threats, it does increase vulnerability (in the form of more sophisticated attack surfaces) and increase the potential consequences of attacks (physical damage to the real world through attacks on the network). On the one hand, the openness of the internet directly increases the vulnerability risk of the smart city system. In addition, external environment threats, such as hacker attacks, significantly increase the vulnerability of smart cities. As such, once information leakage of a smart city occurs, the consequences may be unforeseeable. On the other hand, as the boundaries between the virtual world and the real/physical world of the smart city are broken, various types of critical infrastructure are more closely connected, and an attack on any infrastructure may lead to cascading failures of other infrastructure associated with it (Almaleh and Tipper, 2021). This will result in the complete paralysis of the smart city system, and more seriously, even directly threaten the life safety of the public.

Risk factors related to technology

Various intelligent technologies in smart cities bring people significant convenience, but also breed new technical risks. First among these is the risk stemming from technology dependence. At present, the construction of smart city projects mainly adopts the method of purchasing services, and the government often entrusts high-tech enterprises to develop and maintain smart city systems. Once the enterprise in charge of smart city project development becomes a leading technology enterprise, its technological advantages are very likely to become a tool for its commercial interests. For example, these high-tech enterprises can obtain huge profits through data transactions by virtue of their technological advantages and databases (Zhao and Zheng, 2016). Second is the risk of technology alienation. Technology is a double-edged sword; while technological innovation provides great convenience to human life, improving economic benefits and urban governance ability, it may also produce negative effects completely contrary to people’s expectations, thus threatening human beings themselves. For example, in the process of smart city technology integration and development, the technology isolation dilemma, technology fragmentation and challenges brought on are seriously inconsistent with the expectations placed on smart city systems (Xiao and Li, 2023). Third is the risk from technology iteration. The speed of technology upgrading in smart cities is unprecedented, and the emergence of new technologies is always accompanied by a series of unknown risks. However, if cities want to transform into smart and sustainable cities, they must adopt disruptive technologies (Ullah et al., 2021). The adoption of new technologies inevitably brings new risks; if the city does not propose new security solutions for new technologies during smart development, the results are likely to be disastrous once security problems occur. Fourth is the risk from abuse of technology. With the rapid development of big data technology, intelligent applications can accurately locate users’ information preferences through an analysis of users’ browsing behaviour and then induce users’ irrational consumption behaviours through personalised information pushes to pursue commercial benefits. What is more serious is that the induction of bad information will also cause psychological damage to users, especially to the physical and mental health of young people. For example, Messing et al. (2020) reported that 62–72% of women have experienced direct stalking and 60–63% have experienced technology-based abuse by an intimate partner. In addition, the emergence of deepfake technology provides an opportunity for criminals to obtain benefits through information theft and trafficking and even leads to serious consequences such as manipulating political elections and threatening national security (Zhang, 2022). Fifth is the risk from technology ethics. The development and application of smart city technologies such as AI, big data analytics, cloud computing and blockchain may lead to new technological ethical risks such as technological unemployment and a loss of data privacy (Yoon, 2020). This is because the fundamental logic of a smart city platform follows the technical rationality and pursues the optimal solution of the operation results under mathematical logic, while ignoring the gap between the realistic situation of the smart city and the technical idealism, which leads to the crisis of algorithm utilitarianism.

Risk factors related to information

The information security risks of smart city systems mainly arise from various stages such as information collection, storage, analysis and use. First is the risk from information overcollection. Information is the basic premise for all kinds of intelligent systems in smart cities to provide services, and smart city systems and intelligent applications terminals (such as smartphones) collect personal information such as career, education background, facial recognition information, fingerprints, interests and other personal information in the process of development and application, resulting in a number of lawsuits caused by overcollection of information in recent years (Mao et al., 2019). Second, the information ownership is unclear. The process of smart city information-gathering, encompassing collection, transmission, analysis, storage and application, involves the participation of multiple subjects. It is difficult to locate the specific points of information security problems, which enhances the difficulty of information security risk prevention and control significantly (Mao et al., 2019). Third is the risk from information leakage. Because the construction of smart cities remains in the stage of comprehensive development, the construction of software and hardware infrastructure still needs to be further improved, the stability of intelligent service systems in smart cities is low, and the risk of information leakage is high (Zhao et al., 2018). Especially in intelligent applications based on the IoT and cloud computing, cloud storage renders personal information vulnerable to hackers, and personal identity data, medical records, login names and passwords are easily leaked. For example, in 2016, JD users’ data were leaked, and the leakage of phone numbers and ID card information posed a great threat to personal privacy and security (Mao et al., 2019). In addition, in the context of smart cities, personal privacy data is infinitely connected and analysed by various intelligent service systems, making it easy for criminals to steal personal information for illegal transactions and telecoms fraud (Leng, 2019).

Risk factors related to internet

The over-reliance on networks in the construction of smart cities has significantly increased the hidden dangers of network security. First is the risk from cyber-attacks. Smart cities are facing an increasing threat of various cyber-attacks, becoming prime targets for hackers, including cyber-attacks on critical infrastructure that involve manipulating sensor data to cause widespread panic. For example, according to a Prism report, IBM has worked closely with the U.S. national intelligence department to place logic bombs in various hardware and software infrastructures of smart cities, and these programmes could be activated during wartime, resulting in an attack on smart cities that would be devastating (Zhao et al., 2018). As another example, during the recent conflict between Lebanon and Israel, a series of explosions of radio pagers, handheld intercoms and solar power plants made people panic in Lebanon, as some of the most dependent daily electronic equipment had become bombs. Second is the risk from online mass incidents. In recent years, with the rapid development of the internet and social media, online mass incidents have increased significantly. Online mass incidents refer to the public’s loss of their own interests, and then, through the network platform, to protect their rights, with the support of most netizens, expand the influence of the incident and then seek the best solutions (Li et al., 2022). Online mass incidents have been attracting growing scholarly attention. For example, Bondes and Schucher (2014) investigated the largest online mass incident in China from 2009 to 2014, prompted by the crash of two high-speed trains near Wenzhou in July 2011, and analysed the discussion of this incident among netizens on Micro-Blog. Third is the risk from cyberterrorism. An act of cyberterrorism involves using the internet and other forms of information and communication technology to threaten or cause bodily harm to gain political or ideological power through threats or intimidation (Iftikhar, 2024). Smart city technology, especially instant messaging tools and social media platforms, has become an important medium for terrorist organisations to spread terrorist information and carry out terrorist activities. In October 2016, at the ‘Global Internet Forum to Counter Terrorism’ held in Beijing, the expert indicated that more than 90% of terrorist activities worldwide are organised through online platforms or directly in cyberspace (Su and Guo, 2020).

Risk factors related to institutions

Institutional factors are also the main sources of security risks in smart cities, which mainly include the following three aspects. First is the risk from the imperfect regulatory system. Smart cities demand new strategies and forms of control. The traditional model of public regulation is challenged by a renewed relationship between technology, government and society (Gasiola et al., 2018). However, the construction standards and related management mechanisms are not yet perfect, and some technologies in the process of smart city construction rely on international cooperation, which makes supervision more difficult (Chen et al., 2020). For example, new technologies create and intensify market failures and social concerns, which demand other forms of regulation (Gasiola et al., 2018). Second is the risk from lagging legal protections. Since the pace of technological change in smart cities is unprecedented, and the construction of legal systems takes a long time, as a result, the current legal system lacks clear regulations on matters related to smart city technologies (Yang and Xu, 2018). These gaps provide opportunities for information trafficking and network attacks and greatly reduces the cost of network crimes. In addition, although some laws have been created, it is also difficult for the public to understand what laws exist and how they apply to the use of new technologies. Third is the risk from imperfect operation mechanisms. The construction and governance of smart cities demands the collaboration of multiple subjects such as government, social organisations, enterprises and citizens. At present, the construction of smart cities in China is mainly overseen by the government and enterprises, and the participation of social organisations and citizens is insufficient, which greatly limits the improvement of the collaborative emergency management ability and thus increases the associated risks and vulnerability of smart cities (Zhang et al., 2015).

Methodology

Traditionally, most importance-calculating methods used to demonstrate importance among criteria by preference weightings are based on the assumptions of additivity and independence. Scholars have found that using such an additive model is not always feasible because of the interaction and feedback relationships between indicators (Yang and Tzeng, 2011). To solve the issue, the analytic network process (ANP) method was proposed by Prof. Saaty from the University of Pittsburgh in 1996. ANP supports modelling dependencies and feedback between elements in the network, and it represents the relationship between elements with a network loop structure, which can depict the interaction between elements more accurately (Uygun et al., 2015). However, the application of ANP requires a specific decision-making problem structure, which is a cluster–node structure in the form of a network. In addition, due to the highly complex and time-consuming processes of ANP, users’ occasional misunderstandings of some ANP steps. Therefore, some scholars tried to assist with problem-structuring and decrease some of the problematic ANP implementation characteristics by coming ANP with other methods such as decision-making trial and evaluation laboratory (DEMATEL), technique for order preference by similarity to an ideal solution, and back-propagation neural networking.

Many studies have shown that the integration of ANP and DEMATEL is a more logical approach since this combined method considers interdependencies among factors (Hedayat and Kaboli, 2024), which can not only incorporate causal relationship analysis but also quantify the interdependencies and feedback weights among factors through network process analysis (Huang et al., 2024). In addition, the interpretive structure model (ISM) can divide the complex system into several subsystems, combining people’s knowledge, practical experience and the help of computers, finally building the system into a multi-level, oriented ISM. Previous studies have shown that the combination of ISM and DEMATEL can not only obtain the key factors of the system and the interaction relationships among these factors but also the hierarchical influence structure and influence paths among factors (Kumar and Dixit, 2018), which is conducive to the analysis and decision-making of complex systems. Therefore, to analyse new disaster risks factors of smart cities and their interaction relationships more clearly, this study refers to the method proposed by Huang et al. (2024) and Li and Lu (2025), introduces the triangular fuzzy number, and proposes a fuzzy DEMATEL-ANP-ISM (fuzzy DANP-ISM) method to analyse the disaster risk factors and their interaction relationships in smart cities by combining DEMATEL, ANP and ISM methods. The detailed process is shown in Fig. 2.

Fig. 2: The detailed process of fuzzy DANP-ISM method.
Fig. 2: The detailed process of fuzzy DANP-ISM method.
Full size image

It shows the detailed process of the fuzzy DANP-ISM method used in this study. DEMATEL represents Decision Making Trial and Evaluation Laboratory, which is a useful technique for identifying critical factors in systems as well as the causal and effect relations of factors; ANP represents Analytic Network Process, which can depict the interaction between elements more accurately; ISM represents The Interpretive Structure Model, which refers to a process that transforms unclear and poorly articulated models of systems into visible and well-defined models for many purposes).

Step 1: Construct the fuzzy direct impact matrix. Specifically, the degree of interaction among the factors was divided into five levels (see in Table 1), and 10 experts in the field of emergency management were invited to score the interaction degree among the factors of new disaster risks in smart cities. The arithmetic mean of these 10 expert opinions was then used to generate the initial relationship matrix (Wang et al., 2023); On this basis, according to the method proposed by Chen (2000), the score from the experts was converted into triangular fuzzy numbers, and the direct impact matrix \(A\) of new disaster risk factors in smart cities was further obtained by de-fuzzing the triangular fuzzy numbers \(({l}_{{ij}},\,{m}_{{ij}},\,{r}_{{ij}})\) using the centre-of-gravity method. The calculation formula is shown in Eq. (1).

$${A}_{{ij}}=\frac{\left({r}_{{ij}}-{l}_{{ij}}\right)+\left({m}_{{ij}}-{l}_{{ij}}\right)}{3}+{l}_{{ij}}$$
(1)
Table 1 Scores and fuzzy numbers of linguistic terms.
Full size table

Step 2: According to Eq. (2), the normalised direct impact matrix \(B\) was obtained by normalising matrix \(A\). Where \(\max {\sum }_{{i}=\,1}^{n}{a}_{{ij}}\) represents the maximum sum of the rows of matrix \(A\), \(\max {\sum }_{{j}=\,1}^{n}{a}_{{ij}}\) represents the maximum sum of the columns of matrix \(A\).

$$B\,=\,\frac{A}{\max (\max {\sum }_{i\,=\,1}^{n}{a}_{{ij}},\max {\sum }_{j\,=\,1}^{n}{a}_{{ij}})}$$
(2)

Step 3: The comprehensive impact matrix T was calculated according to Eq. (3), where I represents the identity matrix.

$$T\,=\,{\sum }_{i\,=\,1}^{\infty }{B}^{i}\,={B\left(I-B\right)}^{-1}$$
(3)

Step 4: Calculate \({f}_{i}\), \({e}_{i}\), \({M}_{i}\) and \({R}_{i}\) according to Eqs. (47), where \({f}_{i}\), named influence degree, represents the sum of the direct and indirect effects dispatching from factor \({F}_{i}\) to the other factors. Similarly, \({e}_{i}\), named the influence degree, represents the sum of direct and indirect effects that factor \({F}_{j}\) is receiving from the other factors. \({M}_{i}\), named ‘Prominence/Centre degree,’ illustrates the strength of influences that are given and received of the factor. Further, \({f}_{i}+{e}_{i}\) stands for the degree of central role that the factor plays in the system. Finally, \({R}_{i}\), named ‘Relation/Cause degree,’ shows the net effect that the factor contributed to the system.

$${f}_{i}\,=\,{\sum }_{j\,=\,1}^{n}{t}_{{ij}},(i\,=\,1,2,\ldots ,n)$$
(4)
$${e}_{i}\,=\,{\sum }_{j\,=\,1}^{n}{t}_{{ji}},\,(i\,=\,1,2,\ldots ,n)$$
(5)
$${M}_{i}={f}_{i}+{e}_{i},(i\,=\,1,2,\ldots ,n)$$
(6)
$${R}_{i}={\,f}_{i}-{e}_{i},(i\,=\,1,2,\ldots ,n)$$
(7)

Step 5: Calculate unweighted supermatrix \(W\). First, the matrix \(T\) was converted into the form shown in Eq. (8), and then each submatrix of \(T\) was normalised to obtain the matrix \({T}_{c}^{a}\). Taking the submatrix \({T}_{c}^{12}\) as an example, the normalisation process is shown in Eq. (9). The unweighted supermatrix \(W\) of the secondary index was obtained by transposition of \({T}_{c}^{a}\).

(8)
(9)

Step 6: Calculate the weighted supermatrix \({W}_{a}\). According to step 3, the comprehensive impact matrix \({T}_{D}\) and normalised matrix \({T}_{D}^{a}\) of the first-level index can be obtained, and then the weighted supermatrix \({W}_{a}\) can be calculated by Eq. (10).

$$Wa=\left[\begin{array}{ccccc}{W}_{11}\times {T}_{D}^{a}(1,1) & \cdots & {W}_{1j}\times {T}_{D}^{a}(j,1) & \cdots & {W}_{1n}\times {T}_{D}^{a}(n,1)\\ \vdots & & \vdots & & \vdots \\ {W}_{i1}\times {T}_{D}^{a}(1,i) & \cdots & {W}_{ij}\times {T}_{D}^{a}(j,i) & \cdots & {W}_{in}\times {T}_{D}^{a}(n,i)\\ \vdots & & \vdots & & \vdots \\ {W}_{n1}\times {T}_{D}^{a}(1,n) & \cdots & {W}_{nj}\times {T}_{D}^{a}(j,n) & \cdots & {W}_{nn}\times {T}_{D}^{a}(n,n)\end{array}\right]$$
(10)

Step 7: The weights of new disaster risk factors can be obtained by calculating the limit of the weighted supermatrix \({W}_{a}\).

Step 8: Calculate the global impact matrix \(H\) and accessibility matrix \(K\) by Eqs. (1113). Where \({\lambda }\) represents the threshold, \({\lambda }\in \left[\mathrm{0,1}\right]\), the larger the \({\lambda }\) is, the more obvious the structural simplification effect is. α and β are the mean and standard deviation of all factors in the comprehensive impact matrix \(T\), respectively, while \({k}_{{ij}}\) represents the correlation between factors \(i\) and \(j\). Generally, \({\lambda }\) is determined by experienced experts based on the actual decision problems, which has poor objectivity. Therefore, in this study, \({\lambda }\) was determined by calculating the sum of the mean and standard deviation values of comprehensive influence matrix \(T\), and previous studies have verified that this method can reduce the subjectivity of experts (Chen et al., 2021).

$$H\,=\,T\,+\,I$$
(11)
$$K\,=\,{({k}_{{ij}})}_{n\,\times \,n}=\left\{\begin{array}{c}1,{h}_{{ij}}\ge {\rm{\lambda }}\\ 0,{h}_{{ij}} < {\rm{\lambda }}\end{array}\right.(i,j=1,2,\ldots ,n)$$
(12)
$$\lambda =\alpha +\beta$$
(13)

Step 9: Calculate the reachable set \(R\left({s}_{i}\right)\) and antecedent set \(A\left({s}_{i}\right)\), where \(R\left({s}_{i}\right)\) represents the set of factors influenced by \({s}_{i}\), and \(A\left({s}_{i}\right)\) represents the set of factors influencing \({s}_{i}\). In accordance with the reachable matrix \(K\), \(R\left({s}_{i}\right)\) and \(A\left({s}_{i}\right)\) can be obtained by Eqs. (14 and 15), and it is verified by Eq. (16) whether the reachable set and the prior set meet. The corresponding factor \({s}_{i}\) that satisfies Eq. (16) is the first-level factor of the system. Then, the i th row and i th column of the matrix \(K\) are removed. Equations (1416) are repeated to obtain the factors in the later levels until all factors are eliminated. By removing factors layer by layer, the factors are finally divided into different hierarchies. An ISM is developed to explore the action mechanism among the factors (Huo et al., 2023).

$$R\left({s}_{i}\right)=\left\{{s}_{i}\in S|{k}_{{ij}}=1\right\}$$
(14)
$$A\left({s}_{i}\right)=\left\{{s}_{i}\in S|{k}_{{ji}}=1\right\}$$
(15)
$$R\left({s}_{i}\right)\,=\,R\left({s}_{i}\right)\cap \,A\left({s}_{i}\right)$$
(16)

Results

Results of fuzzy DEMATEL analysis

Tables 3, 4 and 6 in the Appendix show the results of the direct influence matrix, the comprehensive influence matrix, and the influencing, influence, centrality and causality calculations for the new disaster risk factors of smart cities, respectively. Accordingly, the causal-effect diagram of new disaster risk factors in smart cities was plotted (see Fig. 3), where the vertical axis represents whether the factor is a cause or result factor (cause degree), while the horizontal axis shows the overall influence intensity (centre degree) of factors. According to Fig. 3, the factors in the first quadrant are the main factors of new risks that smart cities face, which include vulnerability risks from information infrastructure (B2), the risk of technology dependence (C1), the risk of technology alienation (C2), the risk from abuse of technology (C4), the risk from an imperfect regulatory system (F1) and intentional behaviours (A3). In addition, the factors in the second quadrant are the subsidiary factors of new risks that smart cities face, which include physical infrastructure risks (B1), the risk from an imperfect operation mechanism (F3), the risk of technology iteration (C3), the risk from lagging legal protections (F2) and risk perceptions (A1). The factors in the third quadrant are the more important influencing factors of new risks that smart cities face, including risks from an abuse of technology (C5), the risk from cyberterrorism (E3), the risk from online mass incidents (E2), psychological factors (A4), mis-operation (A2) and the ownership of information being unclear (D2). Finally, the factors in the fourth quadrant are the factors most influenced by other factors, including the risk from information leakage (D3), the risk from cyber-attacks (E1) and the risk from overcollection (D1).

Fig. 3: Causal-effect relation diagram of new disaster risk influencing factors in smart cities.
Fig. 3: Causal-effect relation diagram of new disaster risk influencing factors in smart cities.
Full size image

It shows the causal relationship between the new risk factors of smart cities. \({\rm{R}}+{\rm{D}}\) named center degree illustrates the strength of influences that are given and received of the factor, and which stands for the degree of central role that the factor plays in the system; \({\rm{R}}-{\rm{D}}\) named cause degree, which shows the net effect that the factor contributed to the system; A1 represents people’s risk perception, A2 represents people’s mis-operation, A3 represents people’s intentional behaviour; A4 represents people’s psychological factors, B1 represents physical infrastructure, B2 represents information infrastructure, C1 represents technology dependence, C2 represents technology alienation, C3 represents technology iteration, C4 represents technology abuse, D1 represents information overcollection, D2 represents information ownership is unclear, D3 represents information leakage, E1 represents cyber attacks, E2 represents online mass incident, E3 represents cyberterrorism, F1 represents imperfect regulatory system, F2 represents lagging legal protection system, F3 represents imperfect operation mechanism.

According to Table 6 in the Appendix, the centre degree of new disaster risk factors of smart cities can be ranked as follows: information leakage (D3) > information infrastructure (B2) > technology dependence (C1) > cyber-attacks (E1) > technology alienation (C2) > technology abuse (C4) > information overcollection (D1) > imperfect regulatory system (F1) > intentional behaviour (A3) > physical infrastructure (B1) > imperfect operation mechanism (F3) > echnology ethics (C5) > cyberterrorism (E3) > technology iteration (C3) > lagging legal protections (F2) > online mass incidents (E2) > risk perceptions (A1) > psychological factors (A4) > mis-operation (A2) > information ownership is unclear (D2). In terms of causal degree, there are 11 cause factors: intentional behaviour (A3), information infrastructure (B2), technology iteration (C3), technology dependence (C1), technology alienation (C2), lagging legal protections (F2), physical infrastructure (B1), imperfect operation mechanism (F3), imperfect regulatory system (F1), technology abuse (C4) and risk perceptions (A1). There are also nine result factors: psychological factors (A4), information ownership is unclear (D2), cyberterrorism (E3), mis-operation (A2), online mass incidents (E2), cyber-attacks (E1), technology ethics (C5), information overcollection (D1) and information leakage (D3).

Results of ANP analysis

We conducted ANP analysis based on fuzzy DEMATEL. The comprehensive impact matrix of new disaster risk factors of smart cities was applied to the unweighted super matrix to obtain the weighted super matrix and the stable limiting super matrix (see Tables 710 in the Appendix). As shown in Table 11 in the Appendix, the results show that the influencing weight among first index factors can be ranked as follows: information (D) > internet (E) > technology (C) > people (A) > infrastructure (B) > policies (F), which demonstrate that new disaster risks of smart cities mainly come from the rapidly development and application of various smart technologies. In the specific areas, information leakage (D3), cyber-attacks (E1), information overcollection (D1) and information infrastructure (B1), with respective global weights of 0.1206, 0.0826, 0.0770 and 0.0731, have an overall high importance. Conversely, technology iteration (C3), intentional behaviour (A3), technology alienation (C2), and technology dependence (C1), with respective global weights of 0.0230, 0.0271, 0.0335, and 0.0352, have an overall relatively low importance.

Results of ISM

To further explore the interrelationship, we performed ISM analysis to obtain the reachable set and antecedent set among new disaster risk factors of smart cities, based on which the 20 factors were finally divided into five different levels (see Fig. 4). The first-level factors are technology ethics (C5), information ownership is unclear (D2), information leakage (D3) and online mass incident zE2); the second-level factors are mis-operation (A2), psychological factors (A4), information overcollection (D1), cyber-attacks (E1), cyberterrorism (E3) and an imperfect regulatory system (F1); the third-level factor are risk perceptions (A1), intentional behaviour (A3), physical infrastructure (B1) and technology abuse (C4); the fourth-level factors are information infrastructure (B2), technology alienation (C2) and lagging legal protections (F2); and the fifth-level factors are technology dependence (C1), technology iteration (C3) and imperfect operation mechanism (F3). Their influence relationships are transmitted from the bottom to the top.

Fig. 4: An ISM of new disaster risk factors for smart cities.
Fig. 4: An ISM of new disaster risk factors for smart cities.
Full size image

An ISM of new risk factors for smart cities, which shows the action mechanism among the new risk factors of smart cities. Specifically, direct factors directly affect the new disaster risks of smart cities, transmitted factors involve the possible ways and types of the occurrence of new risk for smart cities, and has a moderating effect on the occurrence of new disaster risks for smart cities, underlying factors have a more fundamental impact on the new risk of smart cities and directly or indirectly affects factors in other level.

In addition, the five levels were divided into three classes: underlying factors, transmitted factors and direct factors. Specifically, disaster risk factors in L5 and L4 are considered to be underlying factors, which have a more fundamental impact on the new risk of smart cities and directly or indirectly affect factors in other levels. As mentioned before, the integrated application of various technologies such as AI, blockchain, IoT, big data, remote sensing and geographic information systems is an important way for smart cities to improve operations and governance performance. With the development of technologies, disaster monitoring, warning and responding are increasingly dependent on technology. So, if the technology fails, the blow to smart cities will be devastating. In addition, the key areas of smart cities can be classified into technology, people and institutions. However, at present, the construction of smart cities pays more attention to the innovation and application of technology and lacks an institutional system suitable for smart technologies. Moreover, the speed of technology upgrading far exceeds the legislative process; there are no clear norms and standards for the supervision of new technologies, which provides opportunities for criminals and increases the risk factors of smart cities.

Factors in L2 and L3 are named transmitted factors, which involve the possible ways and types of the occurrence of new risks that smart cities face and have a moderating effect on the occurrence of new disaster risks that smart cities face. A major problem with smart city development is inadequate governance and a lack of citizen participation. For example, Korea is at a world-class level in terms of smart cities, but it lacks in the areas of governance and citizen participation (Go, 2016). The lack of public participation leads to gaps in what the public knows about smart technology, so they have limited awareness of the potential disaster risks of smart cities, and they are prone to make operational mistakes in the process of using various smart platforms, which may lead to information leakage. Factors in L1 are named direct factors, and these directly threaten the security of smart cities—especially considering information leakage and technology ethics, which have become primary concerns of researchers in the field of emergency management (Nussbaumer et al., 2023; Zhao et al., 2022).

Discussion

Identifying critical factors of new disaster risk factors in smart cities

The results of this study highlight the critical influence of information, the internet and technology-related factors in the new disaster risks of smart cities. According to the results of the fuzzy DANP-ISM model, we identified eight factors that significantly impact new disaster risks in smart cities, including online mass incidents (E2), cyberterrorism (E3), technology ethics, information infrastructure (B2), physical infrastructure (B1), information overcollection (D1), cyber-attacks (E1) and information leakage (D3). Among them, information infrastructure (B2) and physical infrastructure (B1) are primary influencing factors, with other factors being influenced by them. The causal diagram of critical key factors based on Figs. 3 and 4 is shown in Fig. 5.

Fig. 5: Causal diagram of critical factors.
Fig. 5: Causal diagram of critical factors.
Full size image

It shows the causal relationship between critical factors of disaster risks in smart cities.

The significance of C5, D3, D1 and B2 has been extensively discussed in previous studies. For example, Shankar and Maple (2023) explored the effects of ethics and technology on the security of IoT-enabled systems in smart city infrastructure and proposed a secure smart city infrastructure by combining blockchain technology. AI-Kfairy et al. (2025) explored the ethical problems related to the metaverse, including privacy and data security, ethical AI, content moderation, harassment and mental and physical health. Ma et al. (2018) discussed four threats brought by the application of ICTs, including information insecurity, privacy leakage, information inlands and the digital divide. In terms of information infrastructure, the development of smart cities is underpinned by an increasing complex information and digital infrastructure, which is posing a variety of unpredictable and unprecedented challenges for urban management (Barns et al., 2017). Taking IoT as an example, Aydos et al. (2019) indicated that the integrated features of IoT objects cause vulnerabilities in terms of security, making them the target of cyber-attacks. In addition, some apps over-collect user information or grant permissions to collect personal information without obtaining users’ consent, resulting in a significant increase in related disputes and information leakage risks.

In addition, with the rapid development and application of smart technologies, some traditional threats have emerged in new ways (such as E1, E3 and E2), with similar and even more serious consequences. For example, Backhaus et al. (2020) indicated that the emotional responses (stress) to cyberterrorism do not differ from the emotions triggered by conventional terrorism. Ayres and Maglaras (2016) emphasised that the general public could also be a target of cyberterrorism, and a mimetic virus could be an effective method of attack. With the increasing popularity of online social networks (such as Weibo, TikTok and Rednote) in China, the country is seeing a continuously growing number of so-called online mass incidents (Bondes and Schucher, 2014), and online discussion has accompanied the process of most mass incidents happening in China in recent years, which may increase the influence of mass incidents.

Furthermore, different from previous studies, our analysis highlights the impact of physical infrastructure (B1) on new disaster risks that smart cities face. As discussed above, previous studies have mainly covered new disaster risks related to information (D), internet (E) and technology (C). However, our findings reveal that physical infrastructure is also an important aspect to consider related to new disaster risk factors affecting smart cities, especially information leakage (D3), cyber-attacks (E1), information overcollection (D1) and information infrastructure (B2). This is because nearly all the smart systems and platforms related to disaster risk monitoring and warning, as well as smart brains of emergency management, are supported by physical infrastructures (such as power and energy). If these infrastructures are destroyed by natural disasters (such as earthquakes, typhoon and flood), such will lead to the paralysis of the whole smart emergency management system. Furthermore, with the development of the internet and information technologies, the batteries and chips of some electronic devices (such as smartphones and electric vehicles) can be implanted with computer viruses, thereby detonating and posing a huge security threat (Ayres and Maglaras, 2016).

Major challenges and strategies of emergency management in smart cities

First, all the uncertainty problems or risks faced by human beings come from the limitations of human cognition, including cognitive limitations of natural society, network virtual society and human beings themselves. The primary challenge of new disaster risk management in smart cities come from the ‘new’—that is, people are not very familiar with many new disaster risks faced by smart cities (such as risks related to information leakage, technology ethics, cyber-attacks and physical infrastructures), and more risks are still hidden and unknown, requiring people to deal with them only once they emerge. Especially since 2020, the global outbreak and spread of COVID-19 has rapidly formed a volatility, uncertainty, complexity, and ambiguity (VUCA) society. The advent of this VUCA society not only further accelerates the differentiation of risk, but also the differentiation of risk in turn strengthens the crisis of the VUCA society. In terms of risk studies, the failure of traditional analysis technology leads to more and more blind spots in people’s cognition of risk, while the immaturity of new risk-analysis methods leads to more splits in people’s cognition of risk, and, as a result, people’s cognition and judgement of risk are more and more uncertain (Wen, 2023).

Second, the increased risk of new disasters in smart cities makes emergency management more difficult. Since intelligent technologies such as big data, IoT, cloud computing, AI and blockchain themselves breed uncertainty risks, the process of urban intelligent transformation based on intelligent technologies itself has certain uncertainty. For example, smart medical, smart electricity, smart transportation and other intelligent service systems have variable logic, and there are also operational difficulties challenging some of the public. Notably, this rapid and intelligent development has broken the living habits and rhythms formed by people for a long time. In particular, the rapid popularity of the internet, smartphones and social media platforms has encouraged the public opinion of various emergencies to rapidly ferment, which easily impacts people’s sense of security about the certainty of daily life and can even cause social panic. With the acceleration of the construction process of smart cities, these uncertain characteristics from different social fields have become more prominent and finally internalised into people’s common cognition of smart cities. As a result, the emergence of unconventional emergencies in smart cities is more like a self-proved prediction, which quickly penetrates the smart city system and poses a major threat to the normal operation order of smart cities.

Third, the boundary between people, machines and things in smart cities is broken; all kinds of intelligent service systems in the city are deeply connected, and the risk vulnerability of a certain aspect is likely to quickly spread to the whole system of smart cities in a kind of ‘butterfly effect.’ For example, as shown in Fig. 5, risks related to information infrastructure (B1) and physical infrastructure (B2) can also lead to some other risks, such as cyber-attacks (E1), technology ethics (C5), cyberterrorism (E3) and online mass incidents (E2). Moreover, the relationship between different types of risks is not a simple superposition, but the nonlinear connection that breaks time and space, leading to a further magnification of risks, ultimately producing serious social harm. For example, the beginning of the COVID-19 pandemic was only a typical public health emergency, but due to limitations of people’s cognition and lack of risk awareness, it eventually evolved into a profound global public crisis that brought great harm to the safety of human life and property. Its long duration also seriously affected people’s normal production and life order, even causing psychological damage. In addition, as the frequency and depth of interactions between people, machines and things of smart cities continue to increase, information security risks in cyberspace can spread quickly through information systems, posing a threat to the security infrastructure in smart cities (Shelton et al., 2015). Conversely, the destruction of urban infrastructure caused by natural disasters such as earthquakes and floods in smart cities will inevitably impact the smart service systems built on these infrastructures.

Therefore, the emergency management system in smart cities first should pay more attention to these new disaster risk factors. In particular, there is an urgent need to develop analysis techniques suitable for new disaster risks, considering the interactions among different risk factors. In addition, from the perspective of technology, many new disaster risks in smart cities originate from various information and internet technologies, and we must use technology to fight back. As such, future studies should pay more attention to the development of risk monitoring and warning technologies, thus improving the capability of disaster risk identification. Second, as the complexity of disasters in smart cities continues to increase, the emergency management system in smart cities should include multiple participants (such as the government, enterprises and the public) and strengthen the construction of the collaborative emergency management capability with multiple subject participation. In particular, as discussed above, factors related to people (such as risk perception, mis-operation, intentional behaviour and psychological factors) also direct or indirect new disaster risks of smart cities. Consequently, the construction of emergency management systems in smart cities should pay more attention to the public’s emergency capability—not only to the capabilities suggested by previous studies, such as emergency consciousness and attitudes, emergency knowledge and skills, emergency information and communication capabilities (Wang et al., 2023), but also to the knowledge and skills related smart technologies and smart emergency management platforms. Third, according to our findings, infrastructures (both information infrastructure and physical infrastructure) are important factors related to many new disaster risks of smart cities. For this reason, enhancing the security and resilience of infrastructures is also an important way to improve the resilience of smart cities. Finally, more laws and regulations are urgently needed to regulate the development and application of various smart products (such as various apps and smart management platforms), especially in the process of collecting, analysing and applying personal information, so as to better protect the public’s privacy and reduce related risks.

Strengths and limitations

This study developed a fuzzy DANP-ISM method for evaluating the complex factors that influence risks in smart cities by combing DEMATEL, ANP and ISM techniques. Compared to using the DEMATEL or ISM model alone, the fuzzy DANP-ISM method can not only screen the status and causal relationships of various new disaster risk factors in the complex systems of smart cities but also determine the critical factors by calculating weights and can clarify the internal structure and logic among new disaster risk factors of smart cities (Zhai et al., 2024). Therefore, on the one hand, the fuzzy DANP-ISM method provided a methodology reference for other researchers in the field of disaster risk reduction; on the other hand, it is a powerful tool that could be used to analyse the unique interplay of risk factors in smart cities by municipal managers. In addition, this study has explored the importance of various factors on the new disaster risk factors of smart cities and their interactions, identifying the critical factors related to new disaster risks of smart cities by using the fuzzy DANP-ISM method, and further discussed the challenges and strategies of emergency management in smart cities, which provides significant reference for the emergency management capability construction of smart cities.

However, this study also has some limitations that future research can address. In terms of methodology, first, this study adopted the method suggested by Wang et al. (2023). An initial relationship matrix was generated by calculating the arithmetic mean of 10 experts’ opinions, which might have caused some important information to be lost and thus affected the accuracy of the findings. Second, although many studies have shown that integrating triangular fuzzy numbers into DEMATEL can, to a certain extent, weaken the subjective influence of expert scoring (Zhai et al., 2024; Zhou et al., 2011), some other scholars believe that triangular fuzzy transformation will lead to the loss of information and greatly reduce the consideration of fuzzy information (Zhang et al., 2023). Future studies should further optimise the calculation method of the fuzzy DANP-ISM model developed in this study to retain as much original information as possible so as to provide a more powerful tool for emergency managers to analyse new disaster risks in their own smart city. Third, in this study, experts were allowed to use only a single information type (score) to express their opinions. However, in real-world situations, different information types (such as numerical values, interval values, linguistic information and body language) are often used to describe given problems (Zhang et al., 2025). In addition, dynamic evolution is also an atypical feature of new disaster risk factors in smart cities. Therefore, future studies need to pay attention to multiple types of information and dynamic evolution; the critical factors can be identified by calculating dynamic degrees of different factors (represent by multiple types of information) at each moment.

In terms of the identification of new disaster risk factors in smart cities, first, due to the rapid development of technology and the limitations of human cognition on smart cities, some risks of smart cities are still hidden and unknown. Therefore, the index system of new disaster risk factors’ effects on smart cities constructed in this study cannot include all risk factors. Future research should build a more comprehensive risk factor index system of smart cities by improving the method of risk analysis. Second, the factors influencing new disaster risks associated with smart cities proposed in this study mainly stem from previous studies, and future studies can explore risk factors of smart cities derived from social media users’ opinions by using text- or video-mining methods based on machine learning. This could not only make up for the limitations of theoretical research on risk analysis but also give full play to the importance of public wisdom in the process of risk governance in smart cities. Third, although the new disaster risk factors of smart cities were selected from both Chinese and English studies, the experts who evaluated these factors mainly hail from China; as a result, the critical factors of new disaster risks in smart cities identified in this study may not be applicable to other countries. Future research should select diverse experts from different cultural, economic and political environments to further explore the universal features of new disaster risk factors in smart cities and provide references for global smart city governance.

Conclusions and implications

The importance of smart city continues to grow and is recognised as a key result of the fourth industrial revolution (Park, 2019). Although many disaster risks in smart cities are still hidden and unknown, we cannot ignore their great threats to smart cities. This study analysed new disaster risks influencing factors of smart cities using a fuzzy DANP-ISM model, the main conclusions are as follows:

  1. (1)

    A combined method of DEMATEL, ANP and ISM is proposed to explore the importance of various factors on the new disaster risks of smart cities and their interactions, which not only provided methodology reference for other researchers in the field of disaster risk reduction but provided a powerful tool for risk governance. A small panel composed of municipal managers and local experts is well-suited to analysing the unique interplay of risk factors in smart cities using this method, building local confidence on risk prevention and generating practical, actionable results.

  2. (2)

    Based on the fuzzy DANP-ISM method, this study constructed an indicator framework of new disaster risk influencing factors of smart cities, and identified eight critical factors of new disaster risk factors in smart cities, including online mass incidents, cyberterrorism, technology ethics, information infrastructure, physical infrastructure, information overcollection, cyber-attacks, and information leakage. Among them, information infrastructure and physical infrastructure are primary factors, with other factors being influenced by them.

  3. (3)

    Based on the critical factors of new disaster risks influencing factors in smart cities and their interaction relationships, this study further discussed major challenges of emergency management in smart cities, including people are not very familiar with many new disaster risks faced by smart cities, the uncertainty of disaster risks in smart cities has increased significantly, and the coupling characteristics of disaster risks in smart cities have significantly increased.

  4. (4)

    Finally, we proposed suggestions for better addressing these challenges, including use technology to address new disaster risk factors originated from various information and internet technologies, strengthen the construction of the collaborative emergency management capability with multiple subject participation, improve the security and resilience of infrastructures in smart cities, and issue more laws and regulations to regulate the development and application of smart products.

This study is not an important summary and development of previous research on the new disaster risks of smart cities, but also provides significant theoretical and methodological references for the construction of emergency management capabilities in smart cities. In particular, the fuzzy DANP-ISM method developed in this study offers a powerful tool for municipal managers in smart cities to analyse the unique interplay of new disaster risk factors.