CyberRiskCheck for small and micro businesses – simple and efficient

Cybersecurity doesn't have to be complicated
How threatened is Germany's cyberspace?

The IT security situation in Germany is very tense. Cyberattacks cause massive damage, costing German companies alone €179 billion, and reports to the BSI rose by 33% (726 reports). Ransomware is the biggest threat, with ransom payments rising sharply and global revenues of US$1.1 billion in 2023. SMEs and local authorities are particularly affected, with 72 local authorities and 1.7 million residents affected by successful attacks on IT service providers. The CrowdStrike incident (July 19, 2024) caused $5.4 billion in damage, solely due to a faulty update. (As of 2024)

The attack surface is broad: many Exchange servers and Android devices are vulnerable, and the number of vulnerabilities is constantly increasing. Around 21,000 infected systems are reported every day. The top threats to society, the economy, and the state include identity theft, ransomware, and vulnerabilities in online servers.

These developments underscore the urgent need for comprehensive and adaptive security measures.

Everyone is attacked, there are no exceptions!

IT security is a matter for top management!

Many small and micro enterprises (SMEs) want to improve their IT security but don’t know where to start. Existing standards such as the BSI’s IT Baseline Protection Compendium or the ISO/IEC 27001 standard are often too complex and resource-intensive for companies with fewer than 50 employees.

With the new DIN SPEC 27076 consulting standard, companies with up to 50 employees can work with an IT security service provider to assess their IT security, identify vulnerabilities, and secure their business in a cost-effective manner.

As a qualified IT service provider for the German Federal Office for Information Security (BSI), we at ASTRAN are authorized to perform the CyberRiskCheck in accordance with DIN SPEC 27076.

Procedure

1. Preliminary meeting

Who should attend the meeting? How long will the interview take? What does the company expect?
During this meeting, we will also inform you about current support programs for small and medium-sized enterprises (SMEs, including micro-enterprises). This support can help you implement the recommended measures and strengthen your IT security in the long term.

2. Recording the current status

Our experts perform the CyberRiskCheck in accordance with DIN SPEC 27076 and identify vulnerabilities. They compare your target and actual status using the requirements and questionnaire catalog and evaluate the result with a standardized scoring model.

Topics:
- Organization + awareness
- Data backup
- Protection against malware
- Identity and authorization management
- Patch and change management
- IT systems and networks

3. Evaluation and results report

After recording your current status, we evaluate it and develop specific recommendations for action. We summarize the results for you in a compact and understandable report that complies with DIN SPEC 27076.

4. Presentation of results and recommendations for action

Together, we will discuss the results of the assessment in detail and point out your individual weaknesses. All findings are clearly summarized in a results report. This will give you a clear overview of your current cybersecurity situation:

- Classification of your risk status
- Visualization of your risk profile
- Raising awareness of cyber security
- Clear recommendations for action

The report includes a spider chart that clearly shows target values and your individual actual status. You will also receive specific and easy-to-implement recommendations for action to improve your IT security in a targeted manner.

The most important IT questions
The customized IT security check for small and micro businesses

DIN SPEC 27076 “IT Security Consulting for Small and Micro Enterprises” and the CyberRiskCheck based on it were developed under the direction of the Federal Office for Information Security (BSI) in collaboration with 21 partners.

Why is CyberRiskCheck particularly suitable for SMEs?
- SMEs have different priorities and budgets than large companies. We understand these challenges because we are an SME ourselves.
- Thanks to our experience from numerous IT projects, we know what matters.
The CyberRiskCheck is a low-threshold and cost-effective solution that has been specially developed for SMEs.

How CyberRiskCheck works:
🔍 Review of 27 requirements from six subject areas
📋 Individual recommendations for action for unmet requirements
⏳ Measures prioritized according to urgency
🕒 Duration: approx. 3 hours

Important: CyberRiskCheck is not an IT security certification, but rather a practical assessment of your current situation. It shows you which specific measures you should implement yourself or outsource to an IT service provider.

After the CyberRiskCheck

After the check, we not only support you in implementing the recommended measures, but also accompany you beyond that. Our goal is to strengthen SMEs in their IT security strategy in the long term. For example, we work with you to train your employees and raise their security awareness.

Take advantage of BAFA funding

With ASTRAN, you are in good hands and can also benefit from BAFA funding. As an officially listed consultant with the BAFA, we offer you the opportunity to receive funding for your consulting projects.

We take care of the entire registration and application process with the BAFA for you, allowing you to concentrate fully on your core business.

Let's work together to improve your company's IT security! Contact us—we will guide you competently through the CyberRiskCheck.