Sekuris

Cyber security & IT security for SMEs

Cyber-security consulting, NIS2 / ISO 27001 compliance and penetration testing for SMEs.

Service

Cyber security at a glance

Cyber security for SMEs: IT security audits, NIS2 and ISO 27001 compliance consulting, penetration testing, security awareness training and incident response. These services complement our physical security offering: protection from a single source rather than fragmented vendors.

What you get

Where we operate

Locations

Cyber security in your region

FAQ

Do SMEs really need cyber security?
Over 60% of all cyber attacks in Germany target SMEs, paradoxically because corporations have their security better under control. Phishing, ransomware and supplier compromise are the most common vectors. With the NIS2 directive (in force since 2024), many SMEs with 50 or more employees in regulated sectors are now legally required to implement minimum measures; violations can be sanctioned with up to €10m or 2% of annual revenue.
What does an IT security audit cost?
A compact IT security audit per BSI baseline protection for an SME with 30–100 employees typically runs €4,500–€12,000, depending on the number of IT systems, the number of locations and the depth of the audit. Penetration tests start at around €6,000 for a scoped web application audit. NIS2 compliance consulting as a project runs €15,000–€40,000 depending on maturity and sector.
What is NIS2 and who is affected?
The NIS2 directive is an EU regulation on cyber security implemented in German law since 2024. It affects companies with 50 or more employees or €10m or more in annual revenue in 18 regulated sectors, including energy, transport, health, finance, food, waste management, postal and digital infrastructure. Obligations: risk management, 24-hour incident reporting, technical and organisational measures, executive liability. Sekuris checks your applicability free of charge.
What is the difference between ISO 27001 and BSI baseline protection?
ISO 27001 is the international standard for information security management: technology- and sector-neutral, globally recognised, and often required in industrial tenders. BSI baseline protection is the German standard from the Federal Office for Information Security with detailed measure catalogues; it is more precise in concrete implementation and primarily recognised in Germany. Both are compatible and can be combined. Sekuris advises on both and guides you through certification.
Does Sekuris combine physical and digital security?
Yes — and that's our unique differentiator. Modern attacks often span both worlds: physical access to USB-enabled servers, social engineering via phishing plus on-site reconnaissance, OT security for networked production. Sekuris covers both sides: physical guarding, security technology, IT security. For larger mandates we deploy mixed teams of security officers and cyber consultants — particularly valuable at critical infrastructure sites.
How quickly do you respond to a cyber incident?
For acute incidents (ransomware extortion, data leak, phishing-led compromise) our incident response hotline is reachable 24/7. Initial response is within 30 minutes, on-site presence within 4 hours in Erfurt, Munich, Mannheim, Stuttgart and Braunschweig, and nationwide within 24 hours. We coordinate with BSI (reporting per §8b BSIG), law enforcement, the data protection authority and your cyber insurance. Evidence is preserved forensically.

Cyber security — request a quote

Tell us your scenario in a sentence. We respond within one business day with a tailored offer.