Cybersecurity Guidance for Small and Medium-Sized Enterprises


January 2015

Cyber security is rapidly becoming a critical activity in many enterprises, due to the growing number of cyber-attacks and the increase in cybercrime. Cyber-attacks often target small and medium-sized enterprises (SMEs), because cybercriminals expect information in SMEs to be less protected than in large enterprises. Defending against cyber-attacks is an important element in ensuring that SMEs can protect their economic interests, reputation and intellectual property, and the information assets of their customers and business partners.

Sound cyber security is a growing need for all types and sizes of enterprises. Although various international and national cyber security strategies and other initiatives address enterprise cyber security needs and measures, the Cybersecurity Guidance for Small and Medium-Sized Enterprises specifically addresses the SME scenario and its typical resource, budget and technical-skills limitations. It offers SMEs a practical and manageable tool for planning, implementing and maintaining good cyber security at affordable cost.

The Cybersecurity Guidance book provides additional guidance for multinational enterprises that have business interests outside of their home country, regardless of enterprise size. It is not designed to be binding or definitive, and is based on the COBIT 5 framework and its family of products from ISACA.