Moving Beyond Static Assessments: The Case of Swiss Industrial SMEs
As digitalization progresses, Swiss industrial small and medium-sized enterprises (SMEs) face increasing vulnerabilities due to limited resources, insufficient cybersecurity awareness, and reliance on shadow information technology (IT) systems [1]. To address these challenges, this research introduces a practical cybersecurity self-assessment tool tailored to the specific needs of Swiss SMEs, particularly those outsourcing IT services. Developed iteratively and implemented via LimeSurvey, the tool enables SMEs to assess their cybersecurity posture and identify areas for improvement. Structured around the six dimensions of the National Institute of Standards and Technology Cybersecurity Framework 2.0 (NIST CSF) - Govern, Identify, Protect, Detect, Respond, and Recover - it encompasses 17 key criteria and 43 diagnostic affirmations, each accompanied by actionable recommendations. This approach synthesizes existing frameworks and research focused on SMEs' cybersecurity requirements. Our findings underscore that SME managers require prescriptive guidance on enhancing their cybersecurity maturity, rather than descriptions of their current maturity levels. A preliminary field evaluation has been conducted, aligning the tool with real-world needs and expectations, thereby ensuring its practical relevance and effectiveness.