In response to the increasing cyber threats that European SMEs face, DIGITAL SME has created the first Information and Sharing Centre intended to support SMEs with cybersecurity, regardless of sector. This group, open to all, shares cybersecurity information and best practices, helps SMEs with compliance, develops resources and tools for companies and brings together a strong expert community from SMEs. Join the group to access the resources, help develop new tools and stay up to date with the latest information on cyber threats, compliance needs and SME support mechanisms, including funding.
As the digital realm confronted a surge of ransomware attacks in the first quarter of 2023, totaling 36 identified gangs, a staggering revelation emerged: SMEs constituted 87% of affected companies.
*Source: "The Ransomware Landscape in Europe" report
CHAIR
University of St. Gallen
MEMBERS
Davide Giribaldi, Swiss Cyber Com SA
Giulia Lansarotti, Muscope Cybersecurity Srl
Patricia Shields, Cyber Cert Labs
Dusko Rodic, Advanced Cybersecurity
Anthony Senter, ATOMNIA,
David Mai, IDEMIA
Oliver Morbach, Exponential World
COORDINATOR
Managing compliance with the Cyber Resilience Act and the NIS2 Directive
Are you in scope of the NIS2?
See how the CRA will affect you
Resources for SMEs
Guides for SMEs
Other resources
DIGITAL SME’s Guide for SMEs is aimed at companies that need to show their customers that they are a secure supplier, in line with the NIS2 requirements. Companies in scope of the legislation are required to validate the security posture of their suppliers, and by following our guide, SMEs can prepare for this.
This Guide was developed by an ad-hoc group created by experts of the DIGITAL SME Working Groups Standards and Cybersecurity and Data Protection.
This guide supports SMEs in understanding and applying ISO/IEC 27001 for information security management systems. With the publication of the 2022 revision of the standard, an update was necessary to reflect the new requirements and adapt to the European cybersecurity landscape. The new edition of the Guide continues to provide SMEs with a practical and accessible tool to strengthen their information security management aligned with international standards
Reports
ENISA Threat Landscape Report 2025
Cybersecurity threats are no longer reserved for major corporations. This report from ENISA makes it clear that cybercriminals are industrialising their attacks, making even SMEs high-value targets.
The key findings of the report underscore that basic cyber hygiene and robust resilience measures are vital for every private organisation. DIGITAL SME have extracted key takeaways to help the members of the ISAC develop their resilience.
Ransomware Landscape in Europe H1
The report indicates an in-depth rise of ransomware attacks, followed by phishing campaigns carried out in the same yearly timeframe. Divided in four total quarters, 2023 has faced a steady peak of attacks already in Q1, where 7,772 new Common Vulnerabilities and Exposures (CVEs) were published, underscoring once again the ever-evolving and dynamic nature of cyber vulnerabilities.
Ransomware Landscape in Europe H2
In the second half of 2023, there was a marked rise in targeted cyberattacks focused on data theft and demanding ransom for the restoration of compromised systems. From the first to the second half of the year, the incidence of cyberattacks increased by 11%. During this period, the number of affected countries rose from 89 to 94, and the number of active ransomware groups also saw an increase.
Assessments
Cyber Health Check
This is a quick self-assessment designed to help you understand your current level of cyber readiness.
CRA self-assessment check
The Open CyberSecurity Compliance Toolkit (OCCTET) is designed to help Small and Medium Enterprises (SMEs) evaluate their readiness for the EU Cyber Resilience Act (CRA) — especially when using Free and Open Source Software (FOSS) in digital products.
