The SMEs (12‑Month Plan)
A realistic, step‑by‑step 12‑month roadmap for SMEs that want to improve cyber security without a dedicated internal security team.
Who this roadmap is for
For SMEs that want a clear, achievable plan rather than a one‑off project or disconnected tools.
Quarter 1 – Foundations
- Asset inventory
- MFA everywhere
- Patch management
- Basic monitoring
- Staff awareness
Quarter 2 – Strengthening
- Backup strategy
- Access control
- Vendor review
- Policy creation
Quarter 3 – Maturity
- Incident response plan
- Supply chain review
- Compliance alignment
- Penetration testing
Quarter 4 – Optimisation
- Cost review
- Vendor performance review
- Roadmap refresh
- Board reporting
Download the PDF version
Download the 12‑Month Roadmap (PDF)