With SecuryGo, you aim to improve IT security for small and micro businesses, such as craft enterprises, retailers, service providers, or small manufacturing companies. What motivated you to found a company and focus specifically on this target group?
The idea emerged directly from our personal environment. My father Martin and I have close ties to small and micro businesses, particularly through their own family business, a small furniture moving company.
At some point, the topic of IT security came up there: What options are actually available, and which solutions exist for small businesses? It quickly became clear that there are still very few suitable offerings for this target group. This led to the idea of developing a comprehensive solution specifically tailored to the needs of small and micro businesses. At the same time, we also look at the issue from the perspective of IT security research: Small businesses often have only limited protection mechanisms and therefore face challenges similar in many ways to those faced by private individuals.
It is almost paradoxical: With more than 3 million companies, small and micro businesses represent the largest business group in Germany and account for around 97% of all companies. Nevertheless, they are often particularly poorly protected in terms of IT security, while at the same time only a few solutions are specifically tailored to their needs. We primarily see IT security for small and micro businesses as a resource and accessibility problem. Internal experts or dedicated IT departments are often lacking, external consulting is expensive, and independently dealing with complex security topics is hardly realistic for many companies.
We are convinced that affordable, practical solutions tailored specifically to small and micro businesses can make IT security far more accessible and sustainably improve the overall level of security. At the same time, this benefits not only the individual company but also society and the economy as a whole.
Many smaller companies do not have dedicated IT departments. What practical security problems do you regularly encounter among your customers?
Small and micro businesses are often significantly less prepared in terms of IT security than medium-sized or larger companies. We frequently observe issues such as password reuse, missing two-factor authentication, insufficient data backups, or outdated devices without current security updates. In some cases, there is also a lack of awareness among employees regarding basic security risks.
At the same time, we often find that business owners and management teams are well aware of the risks they face. The real challenge is usually not a lack of awareness, but rather the practical implementation of security measures. Limited personnel and time resources, as well as a lack of suitable offerings, make it difficult for many companies to implement sustainable security practices.
You are developing practical tools and concepts that can be used without complex technical expertise. What does your technological approach look like in concrete terms, and which solutions are you currently offering?
Our focus is on making IT security as accessible as possible for small and micro businesses. SecuryGo is intended to become a platform that proactively supports companies like a virtual IT security employee. This means that we explain IT security in an understandable way and, above all, provide concrete practical guidance, for example on how to implement individual security measures.
Many small and micro businesses have a strong sense of initiative and practical expertise. With the right support, they are capable of implementing many measures independently. SecuryGo is designed to help them maintain an overview, communicate necessary steps clearly, and reduce workload where appropriate. In this sense, we see ourselves as an enabler for IT security.
We are not developing entirely new technical security measures. Instead, we help companies achieve a higher level of IT security using existing tools and realistic, practical measures.
At the moment, we are still in the development phase. Over the coming months, we aim to release an initial version of SecuryGo. We are currently holding intensive discussions with small businesses in order to better understand their requirements and operating conditions. In addition, we will be engaging more extensively with small and micro businesses in the coming weeks to systematically analyze their situations.
SecuryGo emphasizes that good IT security must be easy to understand and use. How do you balance usability and effective cybersecurity?
User-friendliness and effective cybersecurity do not have to be contradictory. On the contrary, research shows that poor usability can significantly reduce the effectiveness of security measures. Our goal is therefore to combine strong usability with effective IT security.
This begins with explanations that are as understandable as possible and explicitly aimed not only at experts. It continues with the selection of suitable security measures and their practical communication.
It is particularly important that the measures are tailored to each individual company and its specific conditions. At the same time, they must remain pragmatic and realistically implementable. A small business, for example, cannot establish the same security structures as a large corporation. Our goal is therefore not to achieve theoretically maximum security, but to introduce sensible and realistic measures that significantly reduce risks and provide tangible security benefits.
A good comparison would be tax software applications: They make a highly complex subject accessible to people without specialized knowledge. We are pursuing a similar approach in the field of IT security for small and micro businesses.
Your work often mentions intelligent approaches and AI-related technologies. What role do AI and machine learning play in your solution?
We see a wide range of possible applications for AI, particularly for large language models (LLMs), which we aim to integrate into our platform in a targeted way. At the same time, we also critically examine the potential risks, such as unpredictable behavior or so-called hallucinations. While minor inaccuracies may often be tolerable in general applications, they can have significant consequences in the field of IT security.
For this reason, we are not pursuing an approach in which AI acts fully autonomously. Instead, we use LLMs selectively in specific areas and carefully evaluate different approaches to ensure the most reliable support possible.
For example, AI models can help analyze a company’s environment more quickly and systematically or examine suspicious emails for possible phishing indicators. In addition, we are planning to integrate a chatbot specifically tailored to the IT security needs of small businesses.
Can you share a concrete example from practice in which SecuryGo helped a company close a real security gap or make risks visible?
Since we are currently still in the development phase and SecuryGo has not yet been officially released, we cannot yet share completed real-world examples from productive operations.
However, we are already in close exchange with small businesses and continuously gaining valuable insights into typical security challenges and concrete day-to-day issues faced by small and micro businesses. These findings flow directly into the ongoing development of our platform.
How does CISPA’s scientific expertise influence your product development?
One of the central research focuses at the CISPA Helmholtz Center for Information Security is usable security, or more specifically, human-centered security. At its core, this research addresses the question of how security solutions must be designed so that they are truly understandable, usable, and practical in everyday life.
This principle also forms a key foundation of SecuryGo. There are already many theoretically highly secure systems available, but they often fail to adequately consider human usability aspects. This is particularly relevant for small and micro businesses, as they typically do not have dedicated IT departments or specialized IT security experts.
CISPA’s scientific expertise therefore plays a major role in supporting our product development. After all, only security measures that are understandable and practical will actually be implemented consistently over the long term. Our goal is therefore to make IT security as accessible and suitable for everyday business operations as possible.
What does the market for cybersecurity solutions for small and micro businesses look like? How does SecuryGo differ from traditional security services or consulting offerings?
There are already various solutions available on the market, but many of them are not optimally tailored to the needs of small and micro businesses. Individual security tools such as antivirus software are widespread and comparatively affordable, but they cover only a small part of the broader IT security landscape.
Professional IT security consulting can provide comprehensive support for companies, but it is often associated with high costs and is economically unrealistic for many small businesses. At the same time, small companies are often not considered a priority target group by many consulting providers.
Comprehensive standards such as ISO 27001 or the German BSI IT baseline protection framework are also highly complex and resource-intensive for many small businesses. While informational materials and checklists from organizations such as the German Federal Office for Information Security (BSI), industry associations, chambers of commerce, and chambers of crafts do exist, they often focus more on general information or assessments rather than on the practical implementation of improvements.
This is exactly the gap we aim to address. Our goal is to offer comprehensive, practical, and at the same time affordable support that enables small and micro businesses to improve their IT security independently, without having to become IT security experts themselves. In the long term, we want to help companies manage security-related tasks more efficiently and support them continuously.
In a way, we see SecuryGo as a virtualized consulting platform that gives companies the feeling of having their own virtual IT security employee.
What is your vision for the next three to five years? Which technological developments do you believe will shape IT security for small and micro businesses most significantly?
In the medium term, we aim to expand our platform internationally. Although our current focus is initially on Germany, the fundamental IT security challenges faced by small businesses are very similar worldwide. At the same time, we already have many additional ideas and features that we plan to integrate into the platform step by step.
From a technological perspective, we expect small and micro businesses to become increasingly digitalized. As a result, IT security will continue to grow in importance. At the same time, the hardware used by companies will change: Depending on the industry and application area, traditional desktop systems will increasingly be supplemented or replaced by mobile devices and cloud-based solutions. This will also create new requirements for security measures.
In addition, the use of AI in businesses will continue to increase, creating both new opportunities and new risks. In our view, it will therefore become increasingly important to provide security solutions that are powerful, understandable, and easy to integrate into everyday business operations at the same time.
More information about SecuryGo: securygo.de
