SMB1001: Practical Cybersecurity Maturity Framework Built for New Zealand Businesses
SMB1001 is the international cybersecurity maturity framework designed specifically for small and medium-sized businesses. It gives you a clear, achievable pathway to strengthen your controls and prove your security posture – without the complexity or cost of enterprise frameworks.
What is SMB1001?
Developed by Dynamic Standards International (DSI) and certified through CyberCert, SMB1001 is a tiered, certifiable framework that helps Kiwi businesses:
-
Protect against common cyber threats
-
Meet insurer and regulator expectations
-
Build confidence with clients and supply chain partners
-
Demonstrate real resilience
In short, it provides a practical, achievable pathway to stronger governance without the complexity or cost of traditional enterprise frameworks.
Why SMB1001 Matters to Your Business
Cyber threats are a daily reality for New Zealand businesses. Recent research shows that nearly half (44%) of mid-to-large Kiwi businesses were subjected to an attack in the past 12 months, even as overall incidents have fluctuated.
At the same time, AI-driven cyber threats have more than doubled year-on-year, fuelling smarter phishing, automated attacks and new vulnerabilities that traditional defences often miss. When an incident hits, the cost can quickly run into hundreds of thousands or even millions in downtime, recovery, legal fees, and lost revenue. Add the stress, damaged client trust, and potential reputation harm, and it’s clear why “it won’t happen to us” is a risky mindset.
Most businesses operate on hope and basic checklists. SMB1001 changes that by giving you something most companies never achieve:
-
Proof that your controls actually work backed by structured evidence, not just good intentions.
-
A clear, recognised way to meet insurer and regulator expectations helping with smoother renewals and stronger positioning.
-
Real confidence from clients, partners, and your own team because you can demonstrate a recognised standard of care.
-
Protection for what you’ve built so one incident doesn’t threaten your business, your livelihood, or your peace of mind.
SMB1001 turns good intentions into measurable, certifiable resilience - the kind that grows with your business and gives you a genuine edge in today’s environment.
The 3 Certification Levels (most relevant for NZ SMBs)
The essential starting point – Basic security controls and compliance fundamentals that any business can achieve quickly.
Focus: Basic security controls and compliance fundamentals, including reliable technical support, firewalls, antivirus, patching, strong passwords, and data backups.
Who it’s for: Businesses taking their first structured step in cybersecurity or needing a quick, achievable baseline.
Key Benefits: Immediate protection against common threats, a clear assurance report, and a solid foundation that meets basic insurer and regulator expectations.
Building on Bronze with stronger operational practices for better day-to-day resilience.
Focus: Enhanced controls such as multi-factor authentication, access management, employee training, incident response readiness, supplier risk oversight, and ongoing risk tracking.
Who it’s for: Growing businesses with moderate risk exposure that want more than the basics and improved visibility.
Key Benefits: Stronger defences, better risk management, improved readiness for incidents, and greater confidence when dealing with clients, suppliers, and insurers.
Advanced maturity with proven governance and strategic oversight – the highest self-attested level.
Focus: Comprehensive security practices including evidence-based control validation, continuous monitoring, formal policies, executive attestation, and alignment with global standards.
Who it’s for: Organisations seeking the highest level of assurance, those in higher-risk sectors, or businesses that want to demonstrate real cyber maturity.
Key Benefits: Maximum stakeholder trust, stronger positioning with cyber insurance providers, executive-level confidence that controls actually work, and a clear pathway toward even higher standards like ISO 27001.
Why Choose Infoways as Your SMB1001 Partner?
When it comes to cybersecurity, you don’t just want a checklist - you want confidence that your controls actually work when it matters most. We are officially certified to Gold level under SMB1001 - the highest self-attested standard. We don’t just talk about it; we live it every day.
Our hands-on approach guides you from Bronze through to Silver or Gold, with ongoing support to maintain certification long-term. Our Assurance Model integrates SMB1001 seamlessly with governance, risk management, and independent verification turning isolated efforts into a cohesive, defensible programme.
Everything we do aligns with the NZ Privacy Act, cyber insurer expectations, and global best practices (ISO 27001, NIST, and more).
Here’s what you stand to gain:
-
Clear, evidence-based proof that your security controls are effective - not just hope or paperwork.
-
A stronger position with cyber insurance providers, often leading to better premiums and faster approvals.
-
Increased trust from customers, partners, and your team through a recognised, certifiable standard of care.
-
A scalable pathway that grows with your business, delivering lasting resilience and a genuine competitive edge.
Ready to move from uncertainty to real, measurable assurance? Let Infoways guide you through the process, the kind that protects what you’ve built and helps you sleep easier at night.
