Roundtable (L-R): Nathalie Reuter, moderator; Patrick Duarte, COO at Luxcontrol; Sebastien Weiland, CIO/DSI at Luxcontrol; Olivier Antoine, Head of Information Security Management at POST Luxembourg; Credit: Luxcontrol / POST Luxembourg

Luxcontrol and POST Luxembourg have announced that they are joining forces to launch the "Cyberscore" label for (very) small and medium-sized enterprises (VSEs and SMEs).

Considering that "no one is safe from an attempted intrusion into their computer system", these two Luxembourg companies have decided to create a "Cyberscore" label to ensure data security. This "Cyber-Responsible" label is aimed at primarily helping small and medium-sized businesses by offering them the opportunity to improve their IT infrastructure in the face of cybersecurity and data leak risks, but the principle can also be a first step in obtaining ISO 27001, according to the two companies.

At the end of October 2023, Luxcontrol and POST Luxembourg presented this label during a roundtable centred around several themes including cybersecurity.

The partnership for the creation of "Cyberscore" is said to draw on Luxcontrol's experience in the field of security-related risk management, analysis and auditing in the context of Luxembourg and European standards, as well as on POST Luxembourg's expertise in cybersecurity and ICT solutions.

Based on an on-site assessment by Luxcontrol, companies will be assigned a "Cyberscore" ranging from A to E, accompanied by a detailed report indicating the strengths and weaknesses of their IT networks. Concretely, "a company that has achieved grade A or B will be awarded the 'Cyber-Responsible' label which demonstrates its maturity in terms of IT security. This label also provides proof that the company respects the prescribed standards and that it is able to demonstrate it," according to Sébastien Weiland of Luxcontrol.

If a company does not achieve a sufficient score, the detailed report including recommendations is expected to allow it to establish a cybersecurity action plan, also offering it the possibility of receiving support from experts with the aim of obtaining the label.

Beyond these technical aspects, Luxcontrol has insisted on the development of good business practices in terms of cybersecurity. While it is important to protect organisational infrastructures, companies should also train employees on these issues, noted the partners.

Certain actions can be put in place to create this culture of safety - this is also one of the main motivations behind the new label.