As digitization becomes increasingly ubiquitous, the importance of information security for every institution is growing more evident year by year. According to recent studies, the cyberattacks of the past year have shown that any company can be targeted by hackers. Without proper information security, a company's survival is at risk. German companies have recognized the dangers of a wide range of cyberattacks and taken technical precautions. There has, however, been no significant increase in organizational measures for information security-including awareness raising and training for managers and employees. The question remains, however, how should awareness-raising measures be tailored to target groups? Profile groups tailored to the everyday working life and usage behavior of employees facilitate authentic learning based on a constructivist concept. Information security training is needed for every job profile in German SMEs. To verify this, an online survey was conducted and analyzed descriptively. Questions include the use of technical infrastructure and external interactions, the work environment, security measures, and the frequency and need for information security training. Correlations between job profiles, scatter plots with usage characteristics, and a comparison of usage behavior largely confirm the urgent need for awareness and the expected job profiles. SMEs are becoming more digital, more mobile, and more in need of training. The result is a "profile arc" that can be found in every company and used to guide authentic learning approaches. Constraints in the SME environment, such as short time frames with limited resources, and the impact of the pandemic need to be discussed.