Basic Cybersecurity Risk Management for SMEs (CyberSuite)
This self-paced course equips Small and Medium-Sized Enterprises (SMEs) with a practical, non-technical approach to understanding and reducing cybersecurity risk. Participants learn to define cyber risk using likelihood and impact, identify critical assets and vulnerabilities, and prioritise risks using simple 1–5 scoring scales.
The course is developed within the CyberSuite project, which aims tackle prevailing challenges in cybersecurity services by simplifying processes, including streamlining the design, configuration, deployment, and management of these services, specifically catering to SMEs lacking dedicated cybersecurity resources.
About this course
The course introduces a clear 5-step risk management process tailored to SMEs and focuses on high-value controls such as multi-factor authentication (MFA), backup and restore testing, access control, and payment verification procedures. Learners also explore incident preparedness using a structured first-hour response checklist and contact plan.
Practical templates are included (Asset & Process List, Starter Risk Register, Top 5 Controls Action Plan, and First-Hour Incident Plan), enabling immediate implementation without technical complexity.
Learning outcomes
By the end of the course, participants will be able to write clear risk statements, prioritise risks effectively, select realistic SME-friendly controls, and respond more confidently to common cyber incidents.
