What’s new in SMB1001:2026?

SMB1001:2026 updates for Perth SMBs: Mandatory DMARC from Silver tier, 5 maturity levels, Essential Eight alignment. Get certified, cut insurance costs, win tenders—start your roadmap today!

Garry BloomGarry Bloom · Founder & Senior IT Manager
25 February 2026
5 min read
SMB1001
SMB10012026
CyberSecurity
PerthBusiness
SmallBusinessIT
DMARC
EssentialEight

If you run a small or mid-sized business in Perth, most “big name” security standards simply weren’t written with you in mind. They assume in-house security teams, hefty budgets, and complex compliance processes that just don’t fit a 15–100 person operation.

That’s exactly where SMB1001 comes in — and the new 2026 update has raised the bar in a way local businesses can’t afford to ignore. Built specifically for SMBs and maintained by Dynamic Standards International, it gives you a staged, realistic roadmap from basic protection through to board-level cyber resilience, without needing a full-time security department.

What is SMB1001:2026?

SMB 1001 is a cyber security certification framework designed specifically for small and medium-sized businesses. It provides a structured roadmap that help organisations gradually improve their security capabilities and reduce cyber risk.

Instead of forcing businesses to meet complex security requirements all at once, the framework is built around five maturity tiers:

  1. Bronze: Basic cyber security practices and essential protections.

  2. Silver: Stronger controls and documented processes.

  3. Gold: Formal security policies and monitoring.

  4. Platinum: Advanced governance and vulnerability management.

  5. Diamond: High-level security maturity and resilience.

This tiered approach allows businesses to start with the basics and progressively strengthen their defences against growing cyber attacks.

What’s new in SMB1001:2026?

The latest revision, released in late 2025, tightens expectations in three big areas: email security, global alignment, and how certification levels are structured.

1. Email authentication is now mandatory from Level 2 (Silver).

Email remains one of the most common entry points for cyber attacks. To address this, SMB1001:2026 now requires stronger email authentication controls.

Businesses aiming for certification at Silver level or higher must implement:

  • SPF (Sender Policy Framework)

  • DKIM (DomainKeys Identified Mail)

  • DMARC (Domain-based Message Authentication)

These technologies help prevent phishing and business email compromise, including efforts to identify phishing emails before they reach users or are acted upon. This change directly targets business email compromise, still one of the most common and expensive cyber incidents affecting Australian SMEs.

2. Stronger mapping to international standards.

The 2026 version of SMB 1001 now aligns more closely with major global frameworks such as:

  • ISO 27001

  • Essential Eight (Australia)

  • UK Cyber Essentials

  • CMMC (United States)

That means a Perth business at SMB1001 Gold can demonstrate alignment with multiple frameworks at once, when working with government agencies, large enterprises, or international partners.

3. New Security Controls for Modern Threats

The updated standard introduces additional security controls designed to improve detection and response.

Some new requirements include:

  • Endpoint Detection and Response (EDR)

  • Managed Detection and Response (MDR)

  • Improved monitoring capabilities

  • Endpoint security (EDR/MDR) for real-time threat visibility and response

These controls allow businesses to identify suspicious activity earlier and reduce the impact of security incidents.

4. Five clearly defined tiers

The framework is structured into Bronze, Silver, Gold, Platinum, and Diamond, each building on the last so you can step up maturity in a controlled way.

  • Bronze(eg: Antivirus, patching, MFA, basic backup practices)

  • Silver(SPF/DKIM/DMARC, standardized policies, IR basics)

  • Gold(Endpoint monitoring, tested recoveries, user training)

  • Platinum(Formal risk management, supplier security, monitoring)

  • Diamond(Continuous improvement, board reporting, full program)

Why this matters in Perth in 2026

Three forces are all pushing local businesses in the same direction: prove your security posture or get left behind.

  • Larger customers and government bodies increasingly want hard evidence of cyber maturity from their suppliers, and SMB1001 is now on the radar of professional bodies such as law societies in other states.

  • Cyber insurers are tightening conditions and pricing policies based on whether you can demonstrate structured controls, and a recognised certification like SMB1001 gives underwriters something concrete to work with.

  • Regulatory expectations in Australia are trending towards mandatory frameworks and reporting, so adopting a standard now puts you ahead of upcoming compliance pressure.

SMB1001 vs Essential Eight

Both frameworks have their place, but they’re built for slightly different realities.

  • SMB1001 is multi-tiered and broad, covering technology, people, policy, and governance with lighter-weight controls that make sense for typical SMB environments.

  • Essential Eight is highly prescriptive, deeply technical, and originally designed with government and sensitive environments in mind.

For most Perth SMBs, SMB1001 Bronze or Silver is a practical starting point that lays the foundations and can later support a move towards Essential Eight if required.

Practical next steps for business owners

If you’re not sure where to begin, focus on three actions:

  1. Confirm your email authentication.
    Ask your IT provider if SPF, DKIM, and DMARC are correctly set up for your domains — and insist on a clear answer.

  2. Benchmark yourself against SMB1001.
    Bronze is achievable for almost any business that already has basic IT management in place, and a quick gap check shows you what actually needs work.

  3. Plan your path to certification.
    Whether you already have many controls in place or are starting from scratch, map out how to move from Bronze to Silver or Gold at a pace that fits your resources.

From there, a well-structured managed cybersecurity program can turn SMB1001 from “another framework” into a concrete advantage in tenders, insurance, and customer trust for your Perth business in 2026.

Conclusion

The SMB1001:2026 update reflects the growing need for practical cyber security frameworks tailored for small and medium-sized businesses.

With stronger email protections, better threat detection, and improved alignment with international standards, SMB 1001 gives organisations a realistic pathway to manage cyber risk and defend against modern cyber threats.

For Australian SMBs looking to strengthen their security posture without adopting overly complex enterprise frameworks, SMB1001:2026 provides a clear and achievable starting point. By following this framework, businesses can implement effective IT security solutions that scale with their growth and ensure robust protection against evolving cyber threats.

Garry Bloom
Written by
Garry Bloom
Founder & Senior IT Manager · 25+ years in IT

Garry founded Computer Mechanics — the business behind IT Support Perth — in 1997. With more than 25 years in IT management and support across internal and external service environments, he leads the team's technical direction and its cybersecurity and managed-IT strategy for Perth businesses.

Meet the IT Support Perth team →
Garry Bloom
25 February 2026
5 min read
SMB1001
SMB10012026
CyberSecurity
PerthBusiness
SmallBusinessIT
DMARC
EssentialEight

Stay Updated with IT Insights

Get the latest cybersecurity tips and technology insights delivered to your inbox

Related Articles

4 IT Gaps Small Businesses Overlook (and How to Close Them)

Most Perth businesses aren't undone by one huge disaster — it's the small IT gaps that stack up: missing MFA, delayed patching, old access nobody removed, and untested backups. Here's how teams under 50 users can close them. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

How to Safely Offboard an Employee (and Protect Your Company Data)

When a staff member leaves, their access is a security risk until it's properly closed off. A practical Perth-business checklist for offboarding an employee without losing data or leaving a door open. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

5 Signs Your Business Has Outgrown Your Current IT Guy

One trusted 'IT guy' works — until it doesn't. Here are five clear signs a Perth business has outgrown break-fix IT and needs a proper managed IT team. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

Need Expert IT Support?

Get personalized advice from our Perth IT experts. Free consultation available.

Related Content

Continue Reading

Explore more insights and expert advice on IT support, cybersecurity, and digital transformation

Your Messages Are "Encrypted" — But the FBI Just Read Them Anyway. Here's What Every Perth Business Needs to Know.
CyberSecurity
ITSupportPerth

Your Messages Are "Encrypted" — But the FBI Just Read Them Anyway. Here's What Every Perth Business Needs to Know.

Most small business owners believe end-to-end encryption means their messages are completely private. A recent FBI case proves that assumption is dangerously incomplete.

5 min read
4/15/2026
What Not to Do With AI Agents: 7 Mistakes Perth Businesses Should Avoid in 2026
AI
AI_agents

What Not to Do With AI Agents: 7 Mistakes Perth Businesses Should Avoid in 2026

Thinking about using AI agents in your Perth business? Avoid these 7 common mistakes: lack of goals, no guardrails, over-trusting outputs, and more.

5 min read
6/5/2026
Why Reinstalling Windows Won’t Fix a Hijacked Account
CyberSecurity
ITSupportPerth

Why Reinstalling Windows Won’t Fix a Hijacked Account

System got hacked & reinstated Windows, but attackers stayed logged in. Learn why fresh installs don't fix hijacked accounts and the 6-step process to secure your accounts: sign out of all devices, reset passwords, and re-register

5 min read
6/4/2026