ENISA introduces cybersecurity assessment tool for SMEs

ENISA introduces cybersecurity assessment tool for SMEs

ENISA introduces cybersecurity assessment tool for SMEs

https://dig.watch/updates/enisa-cybersecurity-assessment-tool-for-smes

Publish Date: 2026-07-14 09:11:00

Source Domain: dig.watch

Many SMEs require additional guidance and financial support to meet Cyber Resilience Act requirements, ENISA found.

The European Union Agency for Cybersecurity (ENISA) has introduced a Cyber Resilience Maturity Assessment Model to help micro, small and medium-sized enterprises (SMEs) strengthen cybersecurity and prepare for the EU’s Cyber Resilience Act (CRA). The framework offers a structured way for organisations to assess their current cyber resilience, identify weaknesses and improve product security over time.

Designed primarily for manufacturers of products with digital elements, the framework provides a structured way for organisations to assess their cyber resilience, identify weaknesses and improve product security over time. It evaluates five areas, such as governance, risk management, vulnerability management, product lifecycle management and cybersecurity skills.

Businesses are classified as having basic, intermediate or advanced cybersecurity maturity. A downloadable assessment tool allows organisations to track progress through repeated self-assessments, although ENISA notes that achieving a higher maturity level does not replace compliance with the CRA.

Alongside the framework, ENISA published the results of a survey of 194 organisations across 31 countries. While 66% of respondents were aware of the CRA, many said they had only a limited understanding of its practical requirements. Medium-sized companies generally demonstrated stronger cybersecurity maturity than micro-enterprises, with incident response and product lifecycle management emerging as the weakest areas.

More than 70% of SMEs said they needed practical support, including technical guidance and secure development templates. Respondents also cited limited budgets, staff and time as major barriers to compliance, prompting ENISA to recommend targeted guidance, financial support and stronger outreach to smaller businesses.

Why does it…

Source