The new Cybersecurity Label creating a clearer path to better cybersecurity for European small businesses
September 2021 by Marc Jacob
Companies are nowadays experiencing cyber-attacks on a daily basis. A cyber-attack can cost them on average €25,000. Smaller businesses are often targeted and hit harder, suffering repeat attacks which can lead to damaged reputations and potential closure. Despite this, cybersecurity is still often an after-thought for many small businesses, with only half of European SMEs (Small and Medium Enterprise) investing adequately to address the issue.
Help though is at hand, with the launch of a brand-new Cybersecurity Label. The Label targets Europe’s small businesses, especially start-ups and micro-SMEs that are approaching the IT security assurance landscape for the very first time. Created in a partnership between SGS, one of the leading global testing, inspection and certification companies, and the EC-funded initiative cyberwatching.eu, the Cybersecurity Label represents an important first step for small-sized companies to understand their current cybersecurity weaknesses. This means that they are better informed on their current status, how to act to improve their cybersecurity posture and potentially explore the benefits of certification.
With the EU Cybersecurity Act coming into force less than a year ago providing an EU-wide harmonised framework to certify ICT products and services, cybersecurity certification can really be a market differentiator for businesses. Certifications can help companies act with confidence and assure their customers and partners of their ability to defend themselves from cyberattacks and data breaches. However, for an SME, micro-enterprise or start-up, the first steps to certification can be both complex and daunting.
Lucio González Jiménez, CyberLab Madrid Manager at SGS and member of the author-team behind the tool explains: “With so many standards, schemes and methodologies around, the landscape can be confusing. The Cybersecurity Label is a robust but lightweight first step for small businesses to carry out a self-assessment to understand where their weaknesses and priorities lie. Businesses need to carefully analyse their cybersecurity posture. The label represents a vital step to understand the critical assets a company should protect to run its business, which assets are critical for customers, and to diligently assess all processes and procedures.”
The Cybersecurity Label is an online tool which is organised into a simple online questionnaire. Responses are evaluated according to 8 domains which are the starting point of the general process of certification. This covers requirements in fields such as software, protocols, services, hardware, infrastructure, security policy, external providers and critical business products.
Nick Ferguson, Senior project manager at Trust-IT Services and coordinator of the cyberwatching.eu project which has funded and created the tool adds “The label is unique in helping companies to carry out a self-assessment which is built on relevant parts of key standards such as ISO 27001, 22301 and the NIST directive. It is essential to help a small business assimilate clear concepts and smooth the path to further action. In the long-term, companies can save time, money and avoid frustration in their journey to either enable certification or improve compliance to regulations.”
The Label will be sustained by cyberwatching.eu and its consortium partners which include the Spanish cybersecurity cluster AEI. It will become one of the key assets of the Spanish Cybersecurity Innovation Hub CyberDIH which supports SMEs and is part of a broad EU-wide network of national hubs. Marina Ramírez Jiménez, AEI explains. “We’re very excited about the launch of the label and its value not only to European SMEs, but also to the whole ecosystem in terms of helping companies to improve their cybersecurity posture. This is key to creating a trusted digital economy in Europe and can be a vital asset for our network of SMEs that are part of the cybersecurity innovation hub”. The label was launched in July at the cyberwatching.eu Concertation Meeting which saw European cybersecurity experts from research, policy and business worlds come together.