Free CyberCert Bronze SMB1001 Certification for First 50,000 Businesses (ABN Required), Save $95 @ CyberCert

43

Found this on Reddit /r/msp.

Click the banner at the top of the page for the deal.

CyberCert is a new international cybersecurity certification platform designed for small and medium businesses. It’s built on the SMB1001 standard, which is like a lightweight version of ISO 27001, but tailored to SMBs so it’s quicker, easier and cheaper to achieve.

• Provides a shareable certification badge (via Credly) you can display on LinkedIn, websites, tenders, etc.
• Boosts credibility with customers, partners and insurers.
• A “foot in the door” for cyber certification without heavy costs or audits.

To achieve Bronze you just need to tick off the basics:

  1. Engage a technical support specialist (e.g. your MSP or IT provider)
  2. Install & configure a firewall
  3. Install anti-virus software on all devices
  4. Automatically apply software updates & patches
  5. Change passwords routinely
  6. Implement a backup & recovery strategy for important data

If you’re already doing these, you can pretty much claim Bronze straight away.


Comments

  • +7

    you can display on LinkedIn

    great another useless thing to brag about

    • -6

      Haha fair point. A lot of these things do end up as just another badge on LinkedIn. My clients all advertise these badges on their website and email. It helps convey confidence.

      The upside though is that some SMBs get asked by insurers or in tenders if they have any form of cyber certification, and even a Bronze tick box can help them avoid awkward conversations. For businesses that could never pay for ISO27001, this is at least something to show they’re not totally asleep at the wheel.

      • +8

        I'm one of these IS auditors that review these responses BTW. And I will ignore this certification for sure. Small businesses can do self-assessment against ASD Essentials 8 Maturity Level 1 and show that as evidence. That will get a tick with the auditor and will meaningfully help the organisation.

        https://www.cyber.gov.au/business-government/small-business-…

        • -3

          You’ve dropped a few comments here which is interesting, but honestly, your job isn’t under threat.

          If anything, SMB1001 Bronze/Silver/Gold just means more small businesses will finally get their act together and then start thinking about “what’s next”. That “next” is often ASD8 or ISO27001, which is exactly where auditors like you come in.

          So it’s not replacement, it’s a feeder. It moves SMBs from nothing → something → eventually the real standards you live in.

          • +4

            @Ozbm: I agree with your point. That "something" is ASD Essentials 8. Not this shit. Again, https://www.cyber.gov.au/business-government/small-business-…

            Also, don't try to make this about me. I want more people to be educated about cyber threats and not get a false sense of security by getting these badges. BTW, when I meant "auditor", I meant the Insurance company staff reviewing the responses.

            • @croccer: Most SMBs do not understand the Essential 8, plus this is an international standard, not a framework. There is a big difference between frameworks (Essential 8) and an international standard (SMB1001).

              I know this because I own an MSP that does presentations in front of hundreds of business owners regularly, who have NFI about cyber security. The E8 is a convoluted mess that most business owners and managers just glaze over and put in the too hard basket.

              My MSP gets all our clients straight onto Gold, so these Bronzes aren't relevant to us, but for a small 1 - 10 person micro/small business without an IT provider who want to DIY and get started but don't know what to even do to get the ball rolling, this maps out very straightforward steps and provides them certification.

              Often the hardest step is the first step. This is the first step. And they have it being given out for free. I think it's a great OzBargain deal.

              The more people that focus on IT cyber security and start this journey, the more work that this will generate for auditors such as yourself.

              • +4

                @Ozbm: Thanks for the explanation. SMB1001 is some made-up cert sold by some random company (the domain is cybercert.ai - God knows what AI has to do with this company). ACSC has clear guides for small businesses to improve their cyber security.

                Here's a start:

                https://www.cyber.gov.au/business-government/small-business-…

                IDCare offers a free Small Business Cyber Resilience Service designed to help sole traders and small businesses with cybersecurity support:

                https://www.idcare.org/smallbusiness

                Stop recommending this cert/company to your clients for cyber security maturity. Again, I am not just an "auditor". I am another information security professional and I actually care about not just the clients, but also everyone. I DO NOT care just about my survival.

                BTW, IDCARE is the national identity and cyber support service. It is a not-for-profit charity that was formed to address a critical support gap for individuals confronting identity and cyber security concerns.

              • +6

                @Ozbm: You said Essential 8 is a "convoluted mess". If a business can tick boxes for Bronze, they can absolutely do Essential 8 Maturity Level 1 - the Self-Assessment Tool isn't complicated for the basics. That's just not true.
                Here's the real issue: if they're going to make the effort anyway, use the right framework from the start. Getting a badge might actually stop them doing the real work - they tick boxes, get certified, and think "job done" when cybersecurity is ongoing.
                Small businesses need real help, not badges. IDCARE's Small Business Cyber Resilience Service is free and actually useful: https://www.idcare.org/smallbusiness
                They offer 24/7 Incident Response Hotline (1800 595 170), one-on-one Cyber Adviser support tailored to your business, Cyber Health Check with independent review of your security posture, Cyber First Aid after incidents, wellbeing support for staff, and a secure portal with personalised next steps. This is real professional support from qualified experts.
                The effort is basically the same either way - use it to build actual cyber resilience instead of marketing material for some random company.

                • -3

                  @croccer: Idk why you're so riled up over a free bronze certification. It's the lowest one there is. Go look up their diamond version then come back and see if you complain.

                  It's free, it's something for a small business to get into taking cyber security seriously.

                  You've completely missed the point. Just because you think this is gonna take work away from you as an ISO assessor lol.

                  That's like BMW getting upset because a bike shop started selling push bikes in the same street. It's completely different, but a start.

                  • +4

                    @Ozbm: I'm all in on small businesses leveling up their cyber game without barriers. But let's cut through: if the goal's real progress, not just a badge, why not lean on the free, no-fluff gov toolkit that's purpose-built for this exact scenario? Cyber.gov.au's Essential Eight offers free maturity verification tools like the E8MVT for self-assessments, step-by-step SMB guides, and actionable maturity models that map straight to ASD benchmarks - no company middleman, just evidence-based wins that hold up under scrutiny from insurers or tenders. And for hands-on help? IDCare's free Small Business Cyber Resilience Service delivers a dedicated cyber advisor, incident response hotline, post-breach support, staff wellbeing resources, and a tailored Cyber First Aid kit for threats like data leaks - national backing, zero cost, for sole traders to ops with under 20 staff.

                    I'm straight-up not going to back or respect CyberCert.ai's badges - Bronze, Silver, Gold, whatever - because they lack real quality control; it's a brand-new outfit pushing their own standard, with nothing but heavy marketing. Bronze is purely self-attestable via a quick self-assessment and director sign-off - no evidence, no verification, just unchecked box-ticking. And it gets worse: Silver and Gold are the same self-assess game (with optional MSP support), no evidence submission or audits required either - only Platinum and Diamond bring in external verification, but by then you're basically doing a full audit anyway. That's not quality; it's a ladder of illusions that could breed complacency. If you're grinding firewalls, patches, and backups, channel that into documented plans from Essential Eight or IDCare's personalized roadmap - it skips the lightweight fluff, builds legit resilience that scales to real standards without rework, and we auditors respect the evidence way more than startup stickers. Not gatekeeping - straight-up smarter path for businesses to thrive.

                    • -2

                      @croccer: SMB1001 is an international standard from Dynamic Standards International. CyberCert is the company issuing the standard.

                      SMB1001 is not just for Aussies so I don't know why you keep referencing the Essential 8.

                      You've missed the point of this entirely. I'm absolutely blown away that an assessor would be against something that starts many businesses out on a cyber security journey.

                      Literally nothing else exists below ISO and this is something which is better than nothing.

                      As an MSP we refer all clients who achieve Gold and want to keep going higher on their ISO journey and all of those assessors love that they got more work. You don't need to be threatened mate, this is going to put more clients in your direction.

                      • @Ozbm: You're fundamentally misunderstanding what I'm saying, and I need to correct a few things here.

                        On SMB1001 being "international": I don't care if it's international or not - it's still a substandard framework. Dynamic Standards International is not a recognised standards body like ISO, IEC, or any legitimate national standards organisation. Being "international" doesn't make it credible. Anyone can create an "international standard" - what matters is whether it's recognised, respected, and actually provides value. SMB1001 fails on all counts.

                        On Essential 8 being "just for Aussies": This is OzBargain - an Australian forum, promoting a deal that requires an ABN (Australian Business Number). We're literally talking about Australian businesses. Essential 8 is what Australian insurers actually recognise, what auditors respect, and what government agencies accept. That's what matters, not some made-up international badge.

                        On "nothing exists below ISO": This is categorically wrong. Essential 8 Maturity Level 1 exists specifically as an entry point for small businesses. The E8 Self-Assessment Tool is straightforward - if a business can tick boxes for Bronze certification, they can absolutely complete an E8 Maturity Level 1 assessment. The difference is that E8 is a legitimate framework that won't need to be abandoned when businesses need actual credibility.

                        The fundamental problem with SMB1001: It's a proprietary standard created by a company to sell certifications. Bronze requires no evidence, no verification - just self-attestation and a director's signature. Silver and Gold are the same story - no real auditing until Platinum and Diamond, by which point you're doing a full audit anyway. This isn't quality assurance; it's a ladder of increasingly expensive badges that don't prove anything to anyone who actually matters.

                        Compare that to Essential 8: free, government-backed, recognised by insurers and auditors, with actual support infrastructure through cyber.gov.au and IDCare. When businesses follow E8, they're building real capability that scales to ISO 27001 if they grow. When they follow SMB1001, they're building nothing that will be recognised outside CyberCert's marketing ecosystem.

                        On me being "threatened": I'm not threatened by SMB1001 - I'm concerned about businesses wasting time on a rubbish standard that provides false confidence. When a business comes to us having followed Essential 8, we can build on that foundation. When they come with SMB1001 certification, we're starting from scratch because no serious auditor or insurer recognises it.

                        The real issue: SMBs deserve better than a proprietary certification scheme that won't be recognised by insurers, won't be accepted in serious tenders, and won't be respected by actual IS auditors. Essential 8 and IDCare's free services provide real, substantive help without the commercial conflict of interest.

                        I'm not gatekeeping - I'm trying to stop businesses from wasting time on a substandard framework when legitimate, free, recognised alternatives exist.

                        • +1

                          @croccer: thanks for those summaries mate !

                          this is interesting actually yeah, so I wonder where did the DSI come from?

                          are they also owners of this cybercert.ai website?

                          I can see that Pax8 and Dicker both kind of endorsed this standard - but indeed I guess this doesn't increase its actual usefulness

                          • +1

                            @realaaa: Dynamic Standards International (DSI) seems to be the organisation that developed the SMB1001 standard. See this: https://australiancybersecuritymagazine.com.au/australias-dy…
                            And CyberCert is the company that certifies businesses against the SMB1001 standard: SMB1001 Certification (https://thedetaildept.com/cyber/smb1001/).

                            Regarding Pax8 and Dicker Data endorsing it - that's not surprising. They're distributors/vendors in the MSP channel, and this kind of certification scheme creates a revenue opportunity for their MSP partners to upsell services. Dicker Data is actively promoting SMB1001 to their partner network as a way to "uncover additional revenue streams through cybersecurity" (https://www.dickerdata.com.au/blog/navigating-the-smb1001-cy…)

                            Commercial endorsement from channel partners doesn't validate the technical merit or recognition of the standard itself.
                            The key issue is: who actually recognises SMB1001 outside of the companies profiting from it?

                            Australian insurers? No - they look for Essential 8 or ISO 27001
                            Government tenders? No - they specify recognised frameworks
                            Legitimate IS auditors? No - we don't accept it as evidence
                            International bodies? No established recognition from ISO or any national standards organisation

                            Compare that to Essential 8, which is backed by the Australian Cyber Security Centre (part of ASD), or ISO 27001, which is recognised globally by the International Organization for Standardization. That's the fundamental difference - one is a proprietary commercial product from a private company; the others are legitimate frameworks with genuine industry recognition and government backing.

                            • +1

                              @croccer: indeed! the more I look at it, the more it seems like a pure money making machine, with some lipstick on it

                              ASD guidance is quite a lot more solid even at first glance, both their descriptions and templates etc

                              check this out also - they wanted to get this included into AUS requirements officially

                              https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-…

                              I gotta admit they're hustling well ! but yeah, looks more profit driven than actual care for security

    • Fargo Coughman CISM/SCRUM/LEAN/6SIGMA/MBA/PSP/ITSM/BYD/CPR/ASL/DTF

      Make sure you post daily to point that you're amazed the rest of humanity is somehow surviving without your vast insight gained by your many pointless qualifications, that all have a single requirement to gain:

      1. You pay the course fees
      • you forgot my PHD

  • +3

    At what point do these certifications do more harm than good?

    Really concerned they provide a false sense of security to potential customers and business partners.

    • -6

      I don't think Bronze is meant to declare to the world that your business is a cyber security Fort Knox. It's a starting point for many SMBs to begin their cyber security journey.

      For most SMBs Bronze isn't the destination, it's a good starting point. In saying that, there are many lightweight SMBs for which Bronze is actually enough.

      I'm an MSP owner myself and we onboard clients all the time that don't even have these minimum things set up. This is way better than nothing.

      Plus it's free.

  • +8

    Absolutely useless. I am an Information Systems auditor and if someone shows me this certificate as evidence of independent audits, I will immediately know that the company is dodgy. Like @Far Cough said, it's another useless thing to brag about, and serves only as marketing for the company that's "selling" these certificates. Stick to ASD Essentials 8, ISO/IEC 27001 or another industry-recognised standard. And no, you don't need a lightweight version of ISO/IEC 27001. You can pick the controls only applicable for your organisation from ISO/IEC 27001 Annex A and have a plan to implement the controls and follow the plan as documented. You don't even need to have all the applicable controls implemented at the time of the audit. You only need to have a plan and show the auditor that you're following the plan rigorously.

    • -5

      Lol why would a 5-person plumbing business ever whip out a Bronze cert to an ISO auditor? You’re not the target audience.

      This is an on-ramp for SMBs that have zero cyber maturity, it gets them ticking off basics like AV, firewalls and backups.

      Nobody’s claiming it’s equivalent to ISO or ASD8. It’s just a free starter step. Deal is legit, and free is free.

  • +5

    WTF is this cert supposed to show the clients? That I have got a dodge cert?

    • -5

      Bronze isn't meant to be some elite badge. It’s literally a way for SMBs to show they’ve ticked off the basics (firewall, AV, backups, patching, etc). Clients aren’t reading it as “dodge cert”, they’re seeing “at least we’re doing something about cyber security”.

      For a cafe, tradie, or small law firm, Bronze isn’t the end goal, it’s the on-ramp. From there they can move into Silver/Gold or eventually ISO/ASD8 if they grow up.

      As an MSP we get our clients minimum Gold level certified but bronze is still something and gets the ball rolling. From there, we encourage the ones with a budget to look at ISO certification but for many companies they need to start somewhere.

      This deal is free Bronze certification. It's a no-brainer for any business that can achieve those basic requirements. Again... it's free.

  • +4

    I work in cyber security. This thing is a laughing stock of the industry developed by a bunch of self-interested parties who seek to personally benefit from pushing small entities to run a useless process.

    It won't provide any assurance. Won't lower your insurance premiums. Won't improve your cyber security posture at all.

    Free is still too expensive because it'll waste your time.
