The Cyber Readiness Institute Releases Roadmap to Help Secure Small and Medium-sized Businesses

/ /

Non-profit Institute calls for establishing baseline security standards, a network of coaches, and establishing incentives to encourage SMBs to adopt strong cyber practices

NEW YORK, NY — November 21, 2022 — The Cyber Readiness Institute (CRI) is calling for public and private organizations to come together to establish baseline policies and best practices to help small and medium-sized businesses (SMBs) better secure their unique positions in the global supply chain. As part of its Roadmap for Preparing Small and Medium-Sized Businesses to be Cyber Ready, the non-profit Institute urges the creation of a Global Training Network of coaches to help educate small and medium-sized businesses (SMBs) on safe cyber practices.

Insights from SMBs and cybersecurity experts from leading organizations including Apple, General Motors, Mastercard, Microsoft, ExxonMobil, Principal Financial Group, and the Center for Global Enterprise helped CRI identify the recommended actions in the Roadmap. CRI is working with SMBs around the world to represent their perspectives with key decision-makers and to ensure that their needs are addressed. The roadmap is organized along three objectives:

  • Awareness: Address the knowledge gap among SMBs through strong partnerships with global organizations, and the sharing of data to help raise awareness of key cyber issues and available resources.
  • Implementation: Establish a baseline set of policies and procedures SMBs can implement to give customers, supply chain partners, insurers, and other parties confidence that their business is cyber ready. Additionally, CRI intends to work with members and other organizations to develop a Global Training Network of qualified Cyber Coaches to assist SMBs and verify the completion of the Cyber Readiness Program.
  • Incentives: Convene stakeholders to work with operators of global supply chains and cyber insurance providers to devise incentives—preferred supplier status or lower cyber insurance rates–to encourage SMBs to adopt strong cyber practices.

The Roadmap provides direction for the continuation of work that began five years ago when the CRI was formed—to help small and medium-sized businesses become more secure against today’s most common cyber vulnerabilities. CRI has emerged as a leading source for SMBs worldwide seeking practical tools and resources to train their employees in the actions that will make them more secure.

“The Cyber Readiness Institute is proud of the work accomplished over the past 5 years to secure SMBs around the world,” said Karen S. Evans, CRI Managing Director. “With the release of this Roadmap, we are sharing concrete actions required to continue securing SMBs and their global supply chain networks.”

CRI reaches over 2 million SMBs worldwide through its Champion network and is currently working with Apple and General Motors on cyber readiness training to support SMBs in their global supply chains. Additionally, the Institute has notable partnerships with the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. State Department, the U.S. Department of Defense, the National Institute of Standards and Technology (NIST), United Nations Institute for Training and Research (UNITAR), International Chamber of Commerce (ICC), Australian government, and World Economic Forum (WEF).

“Large companies have long been aware of cyber threats and have deployed security features to protect themselves from the growing threat of malicious hackers,” said George Stathakopoulos, vice president of corporate information security at Apple. “Encouraging small businesses to adopt better security practices, such as wide-scale adoption of multi-factor authentication, that help to protect against this growing threat often requires better security training and education. Resources like CRI’s Roadmap are important educational tools for small businesses to improve their security and ultimately the security of users who rely on them.”

CRI offers a broad portfolio of tools and resources to help SMBs educate employees. The Institute created the self-guided Cyber Readiness Program with information on four key cyber issues—passwords, software updates, phishing awareness, and removable media/USBs. To date, nearly 5,000 SMBs in 178 countries have enrolled in the free program, most with less than 100 employees. CRI has released 25 guides on topics such as multi-factor authentication (MFA), managed service providers (MSPs), telehealth, hybrid work, and many more. These guides serve as practical resources on topics where it has been shown that SMBs have knowledge gaps.

“Our partnership with CRI highlights the importance General Motors places on ensuring the cyber resilience and readiness of our supply chain partners,” said Christine Pelione, Cybersecurity Strategic Risk Manager, General Motors. “GM is committed to helping improve the cyber practices of the small and midsized businesses in our supplier community.”

Additional support for the Roadmap:

“Cyber threats can have an outsized impact on companies with fewer security resources and expertise,” said Ron Green, chief security officer, Mastercard. “Helping raise awareness of proven best practices can go a long way to help smaller businesses reduce their risks and build even greater resiliency across all parts of the digital economy.”

“The Cyber Readiness Institute’s Roadmap makes it clear that effective cybersecurity requires us to reach outside our own companies and work closely with our network of partners, customers, and suppliers,“ said Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft. “We look forward to assisting with the work to help accelerate learning and best practice sharing across businesses large and small.”

Center for Global Enterprise
“The actions proposed in this Roadmap demonstrate the Cyber Readiness Institute’s ability to foster the proactive involvement of the private sector in the development and promotion of global management best practices for cybersecurity,” said Samuel J. Palmisano, chairman of the Center for Global Enterprise and former IBM chairman.

“The recommendations in this Roadmap align with ExxonMobil’s view that improving the cyber resilience of SMBs is important. ExxonMobil has worked with CRI to improve awareness of the issues and meet this objective,” said Martha E. Miranda, Cyber Business Response COE Manager, ExxonMobil.

Principal Financial Group
“CRI is doing important foundational work to raise awareness of the critical role small and medium-sized businesses have in the security of global value chains by providing practical resources and tools, said Mike Badeaux, Business Information Security Officer, Principal Financial Group. “Principal is proud to support CRI’s work to increase the basic cyber skills of SMBs around the world.”

Read Roadmap for Preparing Small and Medium-Sized Businesses to be Cyber Ready here.


About Cyber Readiness Institute

The Cyber Readiness Institute is a non-profit initiative that convenes business leaders from across sectors and geographic regions to create free cybersecurity tools for small and medium-sized businesses (SMBs).

CRI’s resources focus on human behavior and emphasize employee education and awareness. Our mission is to advance the cyber readiness of SMBs to improve the security of global supply chains. The Institute is housed within the Center for Global Enterprise, a New York-based non-profit applied research organization. CRI was co-founded by the CEOs of the Center for Global Enterprise, Mastercard, Microsoft, and PSP Partners, as a follow-up action to the work of the 2016 President’s Commission on Enhancing National Cybersecurity. Members include Apple, ExxonMobil, General Motors, Mastercard, Microsoft, and Principal Financial Group.

For more information visit: or email