Enterprises strengthen the trust of customers in their products and services with a label or certificate. This confirms an appropriate level of IT security within the company. However, time-consuming and costly certificates stand side by side with labels non-recognizable significance. Without intensive research, it is often not possible to judge whether the label or certificate meets the requirements of an SME.
The WIK study identified 49 labels and certificates that are potentially relevant for SMEs. All of them come from the field of information security. Most labels and certificates refer to specific sub-areas of information security (application areas or product categories). A simple classification into “secure” or "insecure” products, services or companies is hardly meaningful.
SMEs as demanders are often not willing to bear the costs for more IT security. They tend to see the short-term costs rather than the long-term benefits for their own internal processes, marketing or customer acquisition. Labels and certificates therefore hardly find broad acceptance in SMEs.
