Cyber Risk Check according to DIN SPEC 27076
The CyberRiskCheck for medium-sized businesses
Fast. Simple. Understandable.
Would you like to know the status of your information security without immediately starting a complex audit? As a qualified service provider, we offer the BSI's CyberRiskCheck for small and medium-sized enterprises. It provides a structured overview of your security level with clear recommendations for action.
Efficient, comprehensible and implementation-oriented.
Why IT security is so crucial for medium-sized businesses
Smaller and medium-sized companies are also increasingly being targeted by cybercriminals. However, without their own IT security department, they often lack an overview: What are the dangers? What protective measures do we need? And how can we react in a targeted manner without getting lost in complex processes?
Typical problems
- Little internal know-how about information security
- Uncertainty about fulfilling legal minimum requirements
- Lack of overview of technical and organizational vulnerabilities
- Fear of excessive effort, complexity, or costs
Our solution - the CyberRiskCheck
TODO: there was an image here (sign with "CyberRiskCheck" on it) instead of the icon on the left
The CyberRiskCheck is based on DIN SPEC 27076 and was developed by the German Federal Office for Information Security (BSI) specifically for smaller companies. The goal is to enable a structured assessment of the IT security situation – quickly, understandably, and practically.
For whom is the check suitable?
- Companies with up to 250 employees
- Particularly suitable for medium-sized businesses with growing IT complexity
- Also suitable for smaller companies without their own IT department
- Can be used across all industries: production, service, trade, healthcare
Note: DIN SPEC 27076 was originally developed for smaller companies, but is also suitable as a structured entry point for larger medium-sized companies with a manageable IT landscape.
Our approach – how the check works
The CyberRiskCheck follows a standardized process defined by the BSI and is carried out using an official web application. The aim is to provide companies with a transparent and practical assessment of their information security, with direct added value (TODO: numbering and indentation broken!).
- Preliminary discussion:
Together, we clarify whether the check makes sense for your company. We take into account industry, size and IT structure. - Structured interview:
In an approximately 1–2-hour discussion, we check 27 requirements from 6 central topic areas:- Organization & Awareness
- Identity & Authorization Management
- Data Backup
- Patch & Change Management
- Protection against Malware
- IT Systems & Networks
- Evaluation with scoring system:
Your answers are evaluated in accordance with DIN SPEC 27076. This results in a score (max. 37) that reflects your IT security status. - Individual result report:
- Security score visualized with a spider diagram
- Concrete, prioritized recommendations for action for each topic
- Optional: Information on suitable funding programs
- Follow-up discussion & outlook:
We will explain all the results in detail, identify quick wins and point out possible next steps. We also take into account further measures such as awareness training, backup concepts or the introduction of an Information Security Management System (ISMS). The CyberRiskCheck thus provides a solid basis for strategically developing your security level.
Further information on DIN SPEC 27076 can be found directly at the BSI: www.bsi.bund.de/CyberRisikoCheck
Our packages at a glance
TODO: The packages below used to have an "Request offer" action/mailto per column and were visually more appealing (than "blocks")…
CyberRiskCheck BASIC: 950€
Ideal for smaller companies with up to 25 employees:
Execution of the CyberRiskCheck incl. final discussion
CyberRiskCheck PLUS: 1.350€
Recommended for medium-sized companies:
Execution of the CyberRiskCheck incl. final discussion, comprehensive analysis and structured measures workshop
Optional with follow-up consultation (e. g. awareness, backup concept, penetration tests)
CyberRiskCheck PREMIUM: from 1.950€
For companies > 150 employees:
Execution of the CyberRiskCheck incl. final discussion, comprehensive analysis and structured measures workshop as well as in-depth action plan
Optional with follow-up consultation (e. g. awareness, backup concept, penetration tests)
TODO: Picture of Maxi and text next to it as well as action/mailto "Free consultation"
Are you unsure which package is the best for you? Our experienced consultants will be happy to help you find the right approach for you!
Your Benefit
TODO: These are actually two columns with heading and bullet list. I have added lists as "List advantages CT" components. Are actually next to each other…
Why you should work with us
- Structured security check according to BSI standard (DIN SPEC 27076)
- Conducted by qualified consultants with many years of security experience
- Practical recommendations with technical depth
- Clear report with action plan, prioritized by risk
- Implementation possible within one working week
What comes next
- Upon request, we can assist you with the implementation of the recommended measures.
- We offer supplementary services: security awareness, backup strategies, technical hardening, penetration tests, and much more.
- You will receive documented security status, which is helpful for customers, insurance companies, or partners.
Frequently Asked Questions
TODO: The following FAQ was actually visually displayed as a vertical series of components...
What does the CyberRiskCheck cost?
- Our packages start at €950 (plus VAT).
How quickly can the check be carried out?
- Typically within 7–10 working days from commissioning.
What happens after the check?
- You will receive a prioritized action plan. Upon request, we can also assist you with the implementation, e.g., with security concepts, penetration tests, or security awareness.
Are you ready to make your IT risk visible?
TODO: Here, in the right column, there was actually the sign with the inscription “CyberRiskCheck” again...
Contact us for a free initial consultation: TODO Action/Mailto “Arrange an initial consultation now”
Why mgm security partners?
In a world full of cyber threats, more than standard solutions are needed. We offer tailored IT security strategies that not only look good on paper but also prove themselves in practice.
- Holistic approach: We combine technology, organization, and people into a practical security program.
- Technically sound: Our methods are based on current standards and our many years of expertise.
- Individual & pragmatic: No “one-size-fits-all”, but tailor-made solutions for your corporate culture.
- Long-term support: From the initial analysis to the continuous improvement process.
“We simplify your Information Security Journey”
“We simplify your Information Security Journey”
TODO: “AP Maxi” still needs to be added
mgm sp
DeepDive
A penetration test can be carried out with varying degrees of prior knowledge – from a completely blind flight to the complete disclosure of the system architecture. The choice between Blackbox, Greybox and Whitebox determines the depth, effort and significance of the test.
I am the reading text. I can be deselected below via the toggle. Lorem ipsum dolor sit amet sed Marcus is here today in the Colosseum. But where is Cornelia? She waits a long time. Finally she rejoices and laughs. There she is! There she sits!
Comparison 1
- topic 1
- topic 2
- topic 3
Comparison 2
- topic 1
- topic 2
- topic 3 dasdasdsa dsdsa