Security 2025

Most cyber security frameworks were designed with large enterprises in mind. The terminology is dense, the controls assume dedicated security teams, and the cost of implementation puts them out of reach for a 20-person professional services firm.

SMB1001 is different. It was developed specifically for small and medium businesses, by people who understood that smaller organisations have real security needs but different resources than enterprise.

What SMB1001 is

SMB1001 is a progressive cyber security standard developed by Dynamic Standards International. It provides a structured, step-by-step path for small businesses to build and demonstrate their security posture across five levels, each building on the last.

  • Level 1 covers the essentials: firewalls, antivirus, and regular software updates.
  • Level 2 introduces formal practices: password management, multi-factor authentication, and documented backup routines.
  • Level 3 adds structured controls: employee security awareness training, incident response procedures, and secure data handling.
  • Level 4 moves to proactive management: vulnerability scanning, cyber insurance, and enhanced data protection.
  • Level 5 reaches advanced security: supplier agreements, background checks, and sensitive data encryption.

Most professional services businesses we work with are operating somewhere between Level 2 and Level 3. Our goal within AgileSECURE is to understand where a business sits and move them deliberately forward, without doing more than the environment warrants.

Why it matters

A security framework does several things at once. It gives you a clear picture of where you actually stand, not just where you think you stand. It gives clients and partners confidence that you take security seriously. And if something does go wrong, it demonstrates that you acted reasonably and had documented controls in place.

For professional services businesses, particularly those with legal, financial, or health data obligations, demonstrating a recognised security posture is increasingly expected, not optional. Regulators, insurers, and sophisticated clients are all asking these questions.

How AgileSECURE is aligned to SMB1001

Our cyber security service, AgileSECURE, is structured around the SMB1001 maturity framework alongside the ASD Essential 8. We assess where a business currently sits, plan the steps to lift their posture, and then maintain and advance that posture as part of the managed service.

AgileSECURE covers five capability areas: identity, email, endpoints, data, and governance. It is delivered as a core part of every AgileMANAGED engagement.

Security is not a project you complete. It is a posture you maintain. That is why it is a managed service, not a one-off review.