Cybersecurity is rapidly becoming a critical activity in many enterprises, due to the increasing number of cyberattacks and cybercrime. Cyberattacks often target small and medium-sized enterprises, because cybercriminals expect information in SMEs to be less protected than in large enterprises. Protection against cyberattacks is an important element in ensuring that SMEs can protect their economic interests, reputation and intellectual property, and the information assets of their customers and business partners.
Sound cybersecurity is a growing need for all types and sizes of enterprises. Although various international and national cybersecurity strategies and other initiatives address enterprise cybersecurity needs and measures, the Cybersecurity Guidance for Small and Medium-Sized Enterprises specifically addresses the SME scenario and its typical resources, budget and technical-skills limitations. It offers SMEs a practical and manageable tool for planning, implementing and maintaining good cybersecurity at affordable cost.
This Cybersecurity Guidance provides additional guidance for multinational enterprises that have business interests outside of their home country, regardless of enterprise size. It is not designed to be binding or definitive, and is based on the COBIT 5 framework and its family of products from ISACA.