In 2015, ENISA carried out a project with the objective of providing a set of relevant recommendations on how to increase the adoption of information security and privacy standards by SMEs. Additionally, the report identifies and describes existing security and privacy standards that can be used by European SMEs.
An extensive analysis was conducted for the study to investigate the perceived adoption of security and privacy standards in European SMEs, as well as the main drivers and barriers that can affect the level of adoption of these standards. The methodology consisted of interviews with subject matter experts and analysis of available studies in the area.
European SMEs are increasingly dependent on their information systems to provide services to customers and meet business objectives. The use of new technologies brings new opportunities for enhanced business performance and operations, but also introduces several information security and privacy risks. New information security and privacy standards are being drafted and proposed to help organizations mitigate these associated risks.
Within this context, a wide and effective adoption of information security and privacy related standards by SMEs across Europe can be a beneficial factor for fostering their growth, competitiveness and innovation. The recommendations on how to increase adoption are targeted at EU and Member State (MS) policy makers, standards developing organizations, and professional, industry and small business associations.
For the full report: Information security and privacy standards for SMEs