Standing as a major driver for innovation and growth in the EU and as key actors of our economy, SMEs are constantly facing cybersecurity challenges. This is why it is essential to support them in addressing these challenges and in identifying improvements.
The cybersecurity maturity assessment tool designed by ENISA supports small and medium-sized businesses that seek to understand their current cybersecurity maturity level.
Thanks to this tool, they will be able to define the risks they face. They will also be given a remediation plan to mitigate them and improve their maturity.
The tool includes the following features:
- Cybersecurity evaluation: Based on several questions, this online tool assesses whether your organisation is at a foundation, advanced or expert maturity level, adapted to the size of your business, available budget, sector of activity, generic asset identification, etc., in order to compare it with other similar businesses;
- Top cybersecurity and a personalised action plan: the tool also provides an action plan to help organisations benefit from tailor-made follow-up actions and increase their cybersecurity level based on recommendations adapted to current best cybersecurity practices.
Configured around 3 key areas, the tool allows for the assessment of:
- People: to assess whether staff or employees are prepared to face cyber threats;
- Technology: to understand the technology used and how to select and implement best cybersecurity practices;
- Processes: to ensure the organisation has the right processes in place to deal with cybersecurity risks.
ENISA supports SMEs and the EU Member States in order to:
- Elevate the understanding of cybersecurity risks and cybersecurity threats, e.g. phishing, ransomware (based on ETL, sectorial threats, etc.).
- Raise awareness and promote best cybersecurity practices across the EU and globally.
- Promote closer coordination and exchange of best practices among Member States regarding cybersecurity topics related to small and medium-sized businesses (SMEs).
- Enlarge the community of multipliers through the EU national authorities, national associations, chambers of commerce, organisations, etc.
This work contributes to the implementation of the updated Network and Information Security (NIS2) Directive by helping Member States with the policies they need to adopt in order to strengthen the cyber resilience and the cyber hygiene baseline of small and medium-size enterprises. The majority of SMEs are excluded from the scope of the Directive due to their size, and this work provides easily accessible guidance and assistance for their specific needs.
Cybersecurity for SMEs - Challenges and Recommendations - ENISA report 2021
For press questions and interviews, please contact press (at) enisa.europa.eu