Increasing the maturity of SMEs with respect to cybersecurity threats is crucial as they are less prepared and less resilient. They are also increasingly exposed and targeted by malicious actors. Providing support means ensuring an effective ecosystem is available to help companies all along the process. Resources have to be available, from raising awareness to performing audit, increasing protection and building response capabilities.
In this paper, we report about the progress achieved after one year of deployment of a Belgian cybersecurity initiative focusing on SMEs. An important goal is to make sure minimal requirements will be checked and enforced by cybersecurity experts while letting them use their own methodology. We explain how the expertise is validated using an evaluation grid based on the NIST Cybersecurity framework and CIS 20 criteria directly reflecting protection priorities for SMEs. We also highlight some interesting characteristics and lessons learned in our data set of 25 experts evaluated so far.