News Item

Diagnose your SME’s Cybersecurity and Scan for Recommendations

The European Union Agency for Cybersecurity (ENISA) releases a tool to help Small and Medium Enterprises (SMEs) assess the level of their cybersecurity maturity.

Published on March 28, 2023

Standing as a major driver for innovation and growth in the EU and as key actors of our economy, SMEs are constantly facing cybersecurity challenges. This is why it is essential to support them in addressing these challenges and in identifying improvements.

The cybersecurity maturity assessment tool designed by ENISA supports small and medium-size businesses that seek to understand their current cybersecurity maturity level.

Thanks to this tool, they will be able to define the risks they face. They will also be given a remediation plan to mitigate them and improve their maturity.

The tool includes the following features: 

  • Cybersecurity evaluation: Based on several questions, this online tool assesses whether your organisation is at a foundation, advanced or expert maturity level adapted to the size of your business, available budget, sector of activity, generic asset identification, etc. in order to compare it with other similar businesses; 
  • Top cybersecurity and a personalised action plan: the tool also provides an action plan to help organisations benefit from tailor-made follow-up actions and increase their cybersecurity level based on recommendations adapted to current best cybersecurity practices.

Configured around 3 key areas, the tool allows for the assessment of:

  • People: to assess whether staff or employees are prepared to face cyber threats;
  • Technology: to understand the technology used and how to select and implement best cybersecurity practices;
  • Processes: to ensure the organisation has the right processes in place to deal with cybersecurity risks.


ENISA supports SMEs and the EU Member States in order to:

  • Elevate the understanding of cybersecurity risks and cybersecurity threats, e.g. phishing, ransomware (based on ETL, sectorial threats, etc).
  • Raise awareness and promote best cybersecurity practices across the EU and globally.
  • Promote closer coordination and exchange of best practices among Member States regarding cybersecurity topics related to small and medium-size businesses (SMEs).
  • Enlarge the community of multipliers through the EU national authorities, national associations, chambers of commerce, organisations, etc.

This work contributes to the implementation of the updated Network and Information Security (NIS2) Directive by helping Member States with the required policies they need to adopt in order to strengthen the cyber resilience and the cyber hygiene baseline of small and medium-size enterprises. The majority of SMEs are excluded from the scope of the Directive due to their size, and this work provides easily accessible guidance and assistance for their specific needs.

Further information

ENISA Cybersecurity Maturity Assessment for SMEs


Cybersecurity for SMEs - Challenges and Recommendations - ENISA report 2021

Cybersecurity guide for SMEs - 12 steps to securing your business - 2021

From our ENISA YouTube Channel

Ransomware campaigns targeting SMEs

Be aware, be prepared – Cybersecurity tips for SMEs – Protect your business

Be aware, be prepared – Cybersecurity tips for SMEs – Fight ransomware

Be aware, be prepared – Cybersecurity tips for SMEs – Protect your customers


For press questions and interviews, please contact press (at)
