Background: The design of software systems plays a crucial role in mitigating cybersecurity incidents. Security by Design (SbD) aims to ensure foundational security throughout the design process. However, it lacks a precise interdisciplinary definition. Comparing it with Privacy by Design (PbD), which has seen more conceptual development, highlights the need for a comprehensive understanding of SbD.

Objectives: This study systematically searches and reviews relevant definitions of SbD in comparison with PbD.

Method: Following PRISMA guidelines, we conducted a systematic review of SbD and PbD definitions, searching ACM Digital Library, EBSCO Library, IEEE Xplore, ProQuest, Scopus, and Web of Science. A total of 46 studies were included, identifying 86 definitions. Thirteen themes were identified, including ontology, object of protection, outcome to avoid, means of implementation, added value, and focus of the definition.

Results: Definitions varied in their descriptions of SbD and PbD, the objects of protection, outcomes to avoid, means of implementation, and lifecycle focus. PbD definitions adopted a rights-based approach, anchored in Ann Cavoukian's principles and an interdisciplinary perspective.

Discussion: SbD and PbD definitions lack clarity and uniformity. PbD is better defined, while SbD lacks anchorage and has varied approaches. Both should protect individuals and organizations, address cyber-attacks, and be implemented early in the development process. PbD is more comprehensive, involving technology and organization, while SbD focuses mainly on the technical product. PbD is associated with recognized rights, but the connection between SbD and human rights is unclear. Future research should clarify the specific value protected by SbD, adopt principles from PbD, and take an interdisciplinary approach.