A preliminary investigation by the Cybersecurity research group into SMEs shows that 39% of metal companies have become victims of a cyber attack. Because metal companies rely heavily on information technology (IT), the impact of such attacks is high. For example, directors of SMEs reported direct financial loss, loss or damage to data and loss of time. Preliminary research shows that companies take too few measures to protect themselves. This is because existing risk models for cybersecurity - which have been developed for experts - are not suitable for managers in SMEs. To meet this gap, the Hague University of Applied Sciences, together with the Koninklijke Metaalunie and 12 metal companies, is requesting a subsidy to develop a risk model that can be applied by SMEs in the metal sector. This research is based on IS0 270011 and provides a risk model that can be used by SMEs to set up basic random cybersecurity processes in a simple manner. With this we give entrepreneurs handles to put their cybersecurity in order themselves. The outcomes of this project serve as the basis for a larger project proposal in which we further deepen the model and also make it applicable for SMEs in other branches of the smart industry.