User day

The SME Maturity Trap

Koen Gilissen



PXL Smart ICT
Cybersecurity Research Coordinator

Abstract

While large organizations often lead in cybersecurity maturity with average SAMM scores reflecting structured governance, SMEs struggle to move beyond ad-hoc, reactive security. Our research addresses this critical “maturity gap” by presenting results from recent OWASP SAMM assessments within the SME ecosystem. Although these organizations often show a significant understanding of enterprise-wide risk, they face substantial hurdles in performing threat assessments, designing secure architectures, and implementing secure build processes.

Our research further shows that SMEs often favor tangible, reactive solutions over a structured approach. This results in a critical absence of systematic metrics and a lack of strategic coherence at both the organizational and cross-project levels. To bridge this divide, we explore a multidisciplinary approach for transitioning from fragmented security tasks to a unified, future-proof strategy. We propose actionable pathways that enable SMEs to scale their security efforts efficiently within their unique resource constraints, simultaneously building a robust foundation for compliance with emerging regulatory frameworks such as NIS2 and the CRA.

Speaker bio

Dr. Ing. Koen Gilissen is the Cybersecurity Research Coordinator at PXL Smart ICT, dedicated to bridging the gap between state-of-the-art research and real-world application. With a PhD in Engineering Technology (UHasselt, 2016) and over a decade of experience, he specializes in transforming complex security and privacy challenges into tangible, actionable solutions. He focuses on empowering the cybersecurity ecosystem through multidisciplinary innovation, making secure application development accessible, future-proof, and standard practice for all.