SMEs are key players in most economies and contribute greatly to improving human welfare worldwide. They are, however, hit hard by cyber risks; 60% of small companies are out of business within 6 months of a cyberattack. Because of their typically low equity ratio, they are more vulnerable than larger enterprises to external events.
To reduce the effect of cyber risks, organizations need to align their cybersecurity maturity to their risk appetite. Cybersecurity maturity is managed and measured through standards such as ISO 27001 and the NIST Cybersecurity Framework. SMEs, however, are unable to adopt these standards effectively because of high implementation cost, lack of resources, lack of technical solutions, lack of awareness, etc.
“SMEs cannot adopt current cybersecurity standards effectively because of the lack of standards tailored toward SMEs.”