For SMEs: risk assessment, Digital Product Passport & prioritized action plan — practical, scalable, and aligned with the EU Cyber Resilience Act.
Built with SMEs for SMEs — made & hosted in Germany
More attacks, more regulation, less time. Ransomware, supply-chain risks, EU requirements (incl. the Cyber Resilience Act), and limited IT capacity increase pressure.
The Cyber Resilience Institute makes product security understandable, plannable, and measurable for SMEs.
Sources 2024–2025. Links point to original publications.
According to the Allianz Risk Barometer 2025, cyber incidents are the top global risk (for the 4th year in a row).
Bitkom, Aug 2024 estimates ≈ €267 bn p.a.; also covered by Reuters.
Cyber Resilience Act effective since 10 Dec 2024; core obligations apply from 11 Dec 2027. Overview: Cyberstand.
IBM Cost of a Data Breach 2024: average US$4.88 m per incident (global).
ENISA Threat Landscape 2024: ransomware & availability attacks dominate (Jun 2023–Jul 2024).
BSI Situation Report 2024: still strained, with focus on ransomware & professional attackers.
Modular and scalable — each package delivers clear outcomes, transparent priorities, and a roadmap with realistic effort estimates.
Analysis of devices, software & interfaces — including threat modeling, a risk matrix, and actionable to-dos.
Your Digital Product Passport as a conformity artefact — security features, SBOM notes, update process & responsibilities.
Role-based for engineering, IT & operations — with checklists, exercises, and tailored learning paths.
Your customized action plan — from secure boot and patch processes to supply-chain controls.
Feedback on collaboration, speed, and impact.
Google review
“Risk assessment and the Digital Product Passport were ready within weeks. We knew exactly which actions mattered first. Highly recommended.”
LinkedIn recommendation
“No theory paper: clear to-dos, ownership, and timeline. Training noticeably improved awareness.”
Google review
“Security priorities in engineering were clarified. Fewer loops — faster, compliant releases.”
The CRA is an EU regulation on the cybersecurity of connected products. It has applied since 10 Dec 2024; core obligations take effect from 11 Dec 2027. Transition periods vary by product category.
It documents security features, update processes, and responsibilities — evidence for customers, partners, and auditors, and a foundation for repeatable conformity.
We define system boundaries & interfaces, build a threat model, prioritize risks (matrix), and deliver to-dos with effort/benefit estimates. Optional: digital twin & attack simulation.
From the first risk analysis to the Digital Product Passport — all from one partner.
