Cybersecurity for small and medium-sized enterprises

a lightweight Cybersecurity framework for thorough protection


Cyber Threats to SMEs


of SMEs have no systematic approach for ensuring Cybersecurity


would struggle to recover from data loss, and 20% would not be able to


of SMEs have experienced a cyber attack or breach in 2016

Small and medium-sized enterprises (SME) are the new big target for cyber attacks. SMEs see themselves confronted 
with a large variety of cyber threats.

survey results

Top Cyber Threats for SMEs

1. Distributed Denial of Service (DDoS)
2. Using Known Vulnerable Components
3. Broken Authentification and Session Management
4. Security Missconfiguration
5. Injection
6. Cross Site Scripting (XSS)
7. Sensitive Data Exposure
8. Garbage Data
9. Internal Threats (Malicious Insiders)
10. Insecure Direct Object References
11. Cross Site

* according to survey conducted by SMESEC among SMEs

Learn more about all current threats and how to mitigate them, as well as the general importance of Cybersecurity for SMEs.


The SMESEC framework

 & Training Tutorials
Definition & Recommendation Tools
Vulnerability Discovery & Resolution Tools
Threat Protection 
& Response Tools
Lessons from Testing & Validation

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats. As an SME, you find vulnerabilities and address them with simple tutorials, tools, and lessons-learned – all by yourself.


Benefits from using the SMESEC framework

Do it yourself

Step-by-step guidance for 
meeting customer requirements 
and standards

Keep the investment small

Cost-effective tutorials 
and tools suitable for a busy environment

Keep it simple

Practices adapted to your company instead of complicated 
formal policies and procedures

The SMESEC consortium understands the SMEs environment, which may be busy, hectic, and diverse. SMESEC will offer a framework that is based on up-to-date information about Cybersecurity facts and events and makes Cybersecurity available to all employees. The SMESEC framework will allow an SME to build Cybersecurity itself, require just little investment, and avoid complicated formal policy and procedures. The use of the SMESEC framework will make Cybersecurity accessible for SME and help to prevent and mitigate cyber risks of a large part of the European economy.