Cyber attacks cost the German economy a total of €223 billion every year. 88 percent of companies are affected by damaging attacks. The reason for a low level of security and poor implementation of GDPR requirements in companies often lies in the insufficient ability to correctly assess risk factors. Structural analyses of risk factors are costly and require extensive expertise. Even management consultants usually provide individual opinions rather than data and evidence-based recommendations. This is where our solution comes in. Our product helps our clients to gradually improve the compliance of their customers (especially SMEs as indirect customers). Compliance includes both security and privacy standards. The assessment of risks and the derivation of prioritised recommendations for action are based on a multi-factor risk model (DARA), which automatically incorporates current trends or changes in the legal or cybersecurity situation into the assessment schemes using AI. As a result, the client receives automated security assessments and concrete recommendations for action, enabling them to reduce their risk in a cost-effective manner and avoid damage and penalties before they occur.