Evaluate and enhance your SME's cybersecurity

ENISA, the European Union Agency for Cybersecurity does a tremendous effort to increase the cybersecurity and cyber resilience in the European Union. One of their latest efforts, is the release of a very interesting SME toolThis tool allows you to evaluate and enhance your SME’s cybersecurity maturity.

What does it do?

The tool has 2 parts: an evaluation part and an action plan part.

  • Evaluation part: based on several questions, this online tool assesses whether your organisation is at a foundation, advanced or expert maturity level adapted to the size of your business, available budget, sector of activity, generic asset identification, etc. in order to compare it with other similar businesses.
  • Action plan part: the tool also provides an action plan to help you benefit from tailor made follow-up actions and increase your cybersecurity level based on recommendations adapted to current best cybersecurity practices.

People, Process, Technology

If you have talked to Spinae before, you will definitely have heard us talk about People, Process & Technology. It is important to have the right people with the right knowledge, to have processes in place to act as intended and to have the supporting technology in place. This concept is applicable to many topics in an organization, including cybersecurity.

The ENISA SME tool is configured around these 3 key areas and allows the assessment of:

  • People: to assess whether staff or employees are prepared to face cyber threats;
  • Processes: to ensure the organisation has the right processes in place to deal with cybersecurity risks;
  • Technology: to understand the technology used and how to select and implement best cybersecurity practices.

How does it work?

The web-based tool can be found here: https://www.enisa.europa.eu/cybersecurity-maturity-assessment-for-small-and-medium-enterprises/#/ Click on the red ‘Start the assessment >>’ button. Create a new account (if you don’t have one already). First you will get some questions about your organization. This takes about 2 minutes. It is very valuable for you to know how you compare to your sector. Of course, ENISA therefor needs information on your organization. Then you will get questions about your current security posture. This will take about 15 minutes. Example of a question in the assessment of the Foundation Maturity level. After that, you are presented with the results in the form of an Improvement Action Plan. You can even use this SME tool to manage your improvement actions: assign tasks to certain people, register the status, write down comments, … Example of an action plan item for the Foundation Maturity level This action plan is focused on the Foundation maturity level. Once this action plan is completed, you can move towards the Advanced and the Expert maturity level. You can review your maturity score and your answers by selecting the green ‘Maturity Level’ button on the left hand side. Example of a reported maturity level

Now what?

Now that you have your assessment results and your action plan, you can use that to create your roadmap to increase your cybersecurity maturity. It can be daunting to read and interpret the output of this assessment and the action plan.

Tip: get the expert help you need to reach your goal!


ENISA has created a handy tool to perform a cybersecurity maturity assessment and to create a roadmap. It is tailored towards Small and Medium Enterprises (SMEs). It looks at People, Process & Technology.

It can be daunting to read and interpret the output of this assessment and the action plan. Or you might want a less generic and more specific assessment and action plan. Get in touch with our experts : we are happy to help you!