Uptake of innovative cybersecurity solutions for SMEs

The development of a cyber toolkit as a service to support SMEs managing cyber risks, defining, and implementing their cybersecurity strategy. The toolkit could include at least one of the following:

• Interfaces that will connect to existing SaaS applications such as HR, invoice and financial management, CRM and accounting systems, etc., which are often used by SMEs for increasing their cybersecurity.
• A functionality that enables the mapping and maintenance of an SME’s digital assets and possible vulnerabilities by interfacing with other SaaS applications that manage an asset inventory and data repositories.
• A function that supports the assessment and management of an SME’s cybersecurity risks and of supply chain risk management. This function should perform a risk assessment, provide recommendations for risk mitigation, and identify options.
• An interface to existing tools that support the analysis and assessment of the extent of an SME’s cyber risk based on information gathered from digital infrastructure scanning and data provided by authorised users.
• A function that issues alerts on vulnerabilities and threats based on the information collected by the risk management function.
• A function that connects SMEs to a CSIRT or a Cyber Hub to report an incident and assist with recovery if possible.
• A mapping and one-stop window/portal to existing tools and solutions targeting cybersecurity support to SMEs.
• Tools supporting detection, prevention and response in Operational Technology infrastructures using open standards or technologies.

Support and incident response capabilities to SMEs:

• Non-commercial cybersecurity hotline with a standardised framework and guidelines for response times, escalation procedures, and the scope of assistance provided.
• A fully operational, multilingual helpline that provides timely and accurate cybersecurity assistance to SMEs, leading to reduced successful cyber scams and improved digital hygiene.
• A National Cyber Response Platform for first cyber responders to exchange their experiences, share relevant news and engage discussions regarding challenges and emerging cyber threats complementary to existing cyber crisis management structures.
• Specialised training modules for first (public and private) responders’ services targeting different sectors such as healthcare, finance, energy, and transportation.

Support tools and platforms:

• Control Centre and Panel on Incident Reporting and dispatching of incident responders.
• SME user interface for Incident reporting associated with the cyber toolkit. Users can report an incident, get instructions on how to react and obtain information on how to receive support for the response. An AI assistant connected to a Control Centre could also be included.
• Interfaces with the National Authorities and Cross-Border Platforms (CBPs) for incident notification and information sharing.

The action aims at improving industrial and market readiness for the cybersecurity requirements for SMEs as specified in relevant EU cybersecurity legislation, for instance, as set in the Cyber Resilience Act ensuring more secure hardware and software products.

Proposals should contribute to achieving at least one of these objectives:

• Availability of innovative tools and services that support SMEs in complying with the EU cybersecurity legislation.
• Availability of innovative tools and services that support SMEs in reporting incidents and in assisting with recovery if possible, and in exchanging with competent authorities (i.e. cooperation with Cyber Hubs, CSIRTs (including in relation to the CSIRT Network) and/or ISACs, for e.g. highly critical and other critical sectors entities).
• Improved security and notification processes and means in the EU.
• Improved security of network and information systems in the EU.
• Industrial and market readiness for the proposed Cyber Resilience Act.
• Support for Cybersecurity certification in line with the Cybersecurity Act.
• Support for supply chain partners in standardised self-assessments and certifications. Helping downstream supply chain partners in a step-by-step approach to increase cyber resilience.
• Overcome the challenge of finding the technical skills required to deal with a complex technology landscape that relies heavily on extensive configurations and capabilities.
• Cyber toolkit as a service to support for SMEs¹ managing cyber risks, defining, and implementing their cybersecurity strategy, including several functions dedicated to risk assessment, vulnerabilities and threats detection, etc.
• Support and incident response capabilities to SMEs.

¹Cybersecurity guide for SMEs - 12 steps to securing your business, ENISA, 2021, available at: https://www.enisa.europa.eu/publications/cybersecurity-guide-for-smes.

The action will focus on supporting at least one of the priorities listed under Expected Outcomes section.