In this paper, the cyber-security of smart microgrids is thoroughly discussed. In smart grids, the cyber system and physical process are tightly coupled. Due to the cyber system’s vulnerabilities, any cyber incidents can have economic and physical impacts on their operations. In power electronics-intensive smart microgrids, cyber-attacks can have much more harmful and devastating effects on their operation and stability due to low inertia, especially in islanded operation. In this paper, the cyber–physical systems in smart microgrids are briefly studied. Then, the cyber-attacks on data availability, integrity, and confidentiality are discussed. Since a false data injection (FDI) attack that compromises the data integrity in the cyber/communication network is one of the most challenging threats for smart microgrids, it is investigated in detail in this paper. Such FDI attacks can target state estimation, voltage and frequency control, and smart microgrids’ protection systems. The economic and physical/technical impacts of the FDI attacks on smart microgrids are also reviewed in this paper. The defensive strategies against FDI attacks are classified into protection strategies, in which selected meter measurements are protected, and detection/mitigation strategies, based on either static or dynamic detection. In this paper, implementation examples of FDI attacks’ construction and detection/mitigation in smart microgrids are provided. Samples of recent cyber-security projects in the world, and critical cyber-security standards of smart grids, are presented. Finally, future trends of cyber-security in smart microgrids are discussed.