Small and medium enterprises (SMEs) play a decisive role in EU economy; however, they are attractive targets for cyber-attacks. Since they have specific characteristics, less security, and fewer resources for cybersecurity measures than large companies.

The article describes the SMESEC project. SMESEC develops a tailor-made cybersecurity framework for SMEs which considers both technical solutions and human-organisational aspects. Regarding SMESEC use-case partners’ requirements and feedback, it provides a state-of-the-art cybersecurity framework, cost-effective solutions and cybersecurity awareness and training courses. In the development phase, we have considered the great importance of usability and automation, cyber situational awareness and control for end-users, human factors in the design process, and current best practices and standards related to SMEs. This framework takes account of the use-case partner’s cybersecurity requirements through an innovative process to integrate various solutions working in an orchestral way. Also, the future innovative approaches to SMESEC’s tools are prioritized based on increasing simplicity of security tools, increasing protection level, cost-effectiveness, supporting training and awareness, and rising interconnection.

SMESEC intends to be a holistic security framework due to growth in the number of SMEs willing to tackle their cyber-security issues. Thus, the SMESEC principal objectives are: developing an automated cybersecurity assessment engine, offering relevant feedback to SMEs regarding their cybersecurity behaviour and vulnerabilities, and aligning SMESEC innovations with international links and, in turn, providing inexpensive and effective security recommendations.