“KIS: Keep It Secure”: a regional mechanism to raise awareness & enhance maturity about cybersecurity among SMEs in Wallonia, Belgium
Identifying solutions and moving towards a more integrated cybersecurity market
The EU already has many regions, or so-called ‘cyber valleys’ hosting mature regional ecosystems which foster innovation and deliver cutting-edge technologies.
Interreg Europe CYBER – for the strong European cyber security valleys
Three major barriers encumbering the interregional cooperation among the regional cyber security ecosystems inside the EU have been identified: a lack of coordination between relevant actors, cyber security skills gap and market fragmentation.
Interreg Europe CYBER aims to boost the competitiveness of the European cyber security SMEs by creating synergies among European cyber security valleys.
For reaching this, the European Regional Development Fund (ERDF) invested EUR 1,53 million in the five-year interregional cooperation programme. Through a series of interregional cooperation initiatives, CYBER aims to improve the sharing of good practices and public policies and to strengthen cyber security ecosystems.
The Bretagne Development Innovation agency is the leading partner in CYBER. The project involves seven European regional partners, including Institute for Business Competitiveness of Castilla y León (Spain), Tuscan Region (Italy), Digital Wallonia (Belgium), Brittany Region (France), and Kosice IT Valley (Slovakia), Chamber of Commerce and Industry of Slovenia (Slovenia) and Estonian Information System Authority (Estonia).
As an Advisory Partner, the European Cyber Security Organisation (ECSO) brings to the project its expertise on regional cyber security industrial policies, acquired in its Working Group 4 focusing on ‘support to SMEs and regional cooperation.
A multi-layered approach for cyber security: from Regional to European
June 2018 - May 2021: Phase 1 is dedicated to Interregional learning based on the exchange of experience amon partner regions. Together with their regional stakeholders, partner organisations (1) analyse territorial needs, (2) identify, exchange and investigate good practices, (3) develop action plans to improve regional policies.
June 2021 - May 2023: The Phase 2 is dedicated to the implementation and monitoring of regional Action Plans, that have been defined during Phase 1 based on the lessons learnt thanks to the interregional exchange. These AP help regional authorities improve the policy instruments targeted by each partner region (Operational Programme or Cybersecurity Strategy depending on the region) in order to boost the competitiveness of local cyber SMEs.
Our common methodology for CYBER includes a common and market-driven taxonomy to develop a structured mapping of regional cyber innovative ecosystems. It comprises cybersecurity providers, end-users, support structures, training organisations and research institutes.
The project also aims to understand the inclusion of local players in the design and implementation of local cybersecurity strategies. To identify good practices and policy needs, project partners exchange information through tailored questionnaires and a high-level strategic planning model (SWOT analysis).
While already contributing to the development of the EU’s digital single market, CYBER’s long-term goal is to significantly reduce cybersecurity market fragmentation in Europe by increasing interregional cooperation across European cyber valleys.
Brittany’s Investment for Growth and Jobs Programme ROP 2014-2020 aims to strengthen the coherence between investment and structural reform priorities. It focuses on the need to promote growth and employment to achieve Europe 2020 objectives.
The overall goal of Axis 2 «Developing Bretagne's economic performance through support to research, innovation and enterprises» is to support the competitiveness and economic performance of the region. Axis 2 has three main objectives: 2.1 Reinforce the competitiveness of Breton R&D in the European Research Area; 2.2 Improve the innovation capacity of Breton SMEs; 2.3 Increase the production potential of Breton SMEs.
Specific actions aiming to increase the competitiveness of SMEs include support to industrial innovative projects (2.2.3), to collaborative research projects (2.2.2) and to SMEs in all stages of their development (2.3.2).
According to the ROP, support for SMEs should be consistent with the RIS3, which includes cybersecurity as a strategic innovation area. In addition, specific actions and tools should be designed and implemented according to emerging needs or to a specific sector.
Considering the rapid growth of this industry and the increasing number of SMEs active in in this market, current actions should be improved and new approaches developed to better address the needs of regional SMEs (i.e. collaboration with research and Large Companies, access to larger markets, access to funding) and help them be more competitive.
Thematic objective 3 of the 2014-20 ERDF Operational Programme (OP) of Castilla y León aims to improve SMEs competitiveness in the region.
The main aim of the measures within objective 3 is to foster the entrepreneurial spirit and SME development in cybersecurity, through advanced support services and facilities. This will help SMEs to grow, collaborate, consolidate and gain international markets.
The following specific objectives are relevant to the topic addressed by CYBER: OE.3.1.2. creation of new enterprises and business incubators with improved access to funding and advanced support services; OE.3.4.2 promotion of innovation and cooperation to foster innovation in all sectors; OE.3.4.3. SME internationalisation.
These measures foster entrepreneurship in ICT, including the development of cybersecurity solutions through support for business creation and growth. They support increased usage of ICT tools in SMEs through technological investments / advanced technical services.
Based on the RIS3 analysis, it is necessary to deepen some structural elements (RTD infrastructures, clusters) to improve the incorporation of innovation in SMEs. Weaknesses refer to difficulties in reaching SMEs and low number of entrepreneurs. It is necessary to work on measures of the OP to reinforce competitiveness, foster the creation of new businesses and stimulate business growth from SMEs to Mid-Cap companies, providing more targeted support to SMEs active in the cybersecurity spectrum.
The Tuscan ROP 2014-20 and the regional RIS3 are implemented in a policy framework that, for ICT related topics, also includes the Digital Agenda and the Regional Industry 4.0. Strategy. In the framework of its RIS3, Tuscany Region (RT) built up this strategy to spread Industry 4.0. to SMEs and enhance SME integration in global value chains. All these strategies are implemented through the financial instruments of the ROP, which is the policy instrument tackled by CYBER. The focus will be Axes 1 and 3, considering measures 1.1.5 innovation, 1.4.1 innovative start-ups, 3.1.1 investment support and 3.5.1. support for new enterprises.
Through these axes, SMEs receive financial support to develop innovation projects in products, services, or business processes and for investments to increase competitiveness. Beneficiaries include the many SMEs operating in the IT sector in Tuscany and the many SMEs that could benefit from better cybersecurity systems. Following the Industry 4.0. priorities, and thanks to the new cybersecurity network (with relevant stakeholders and new structures), actions focused on cybersecurity will be piloted in the ROP.
The ROP could be improved through:
- specific measures for competitiveness targeting cybersecurity;
- more market oriented approach;
- interaction between clusters in emerging and consolidated sectors, to promote coordinated action for cybersecurity (in line with the ecosystem concept), while promoting market opportunities for SMEs.
Digital Wallonia is the strategy and platform that reunites all the ICT actors of the region (500M€ budget). It was created by the regional government to boost the role of Wallonia as a centre for excellence in the sector.
Strategic objective 1.1 focuses on developing a growth programme for companies in the digital sector.
It is divided into the following axes:
Strategic objective 1.2 focuses on the development of the digital sector’s international dimension, with an axis aiming to accelerate growth of champions in the digital sector abroad (1.2.1).
The strategy has 50 measures, of which 2 active measures focus on cybersecurity:
One of the main challenges identified by AdN is that the two sides of the market (SMEs interested in cybersecurity services/products and cybersecurity SMEs) will have to be reinforced in parallel, building on the work done within the Digital Wallonia strategy. The strategy should be improved also to reach more SMEs and build awareness on cyber-related topics.
Linked to Slovenia’s RIS3, Digital Slovenia 2020 (2016) lays down Slovenia’s key strategic development goals for the Information Society. It combines the Next-Generation Broadband Network Development Plan and the Cyber Security Strategy into a unified strategic framework. The Cyber Security Strategy is the policy addressed by CYBER. Its implementation is funded from the state budget and the Slovenian OP - EU Cohesion Policy 2014-20.
The Cyber Security Strategy has 8 Objectives. Objective 3 refers to cybersecurity in the Economy, with 2 areas of intervention:
1.Measures to foster research, development and innovation in the field of cybersecurity;
2.Awareness raising measures about cybersecurity among companies.
R&D projects should support industry digitalisation and help upgrade the cybersecurity system. Improved cooperation between business and academia is envisaged. The aim is to create a critical mass of cybersecurity experts and foster public-private partnerships, to develop innovative products / services with high market value in Slovenia and abroad.
Standards for cybersecurity will be developed and their implementation will be enforced.
3 main weaknesses have been identified, and are the reason why participation in CYBER is important:
The instrument addressed is the Cyber Security Strategy (to be reviewed in 2018), and connected policy instruments: Digital Agenda 2020 for Estonia and Estonian Entrepreneurship Growth Strategy 2014-2020. The Cyber Security Strategy Action Plan has a budget of 16 million € and it is partly funded through the ERDF. The specific support measure to be targeted by CYBER is the ERDF funded measure for Establishment of Technological Development Centres.
The aim of the policy and support measure of technological development centres is to promote R&D, development of technology and innovation and to improve competitiveness.
The strategy intends to implement nation-wide robust cyber security measures, enhancing information security competence and awareness, developing legal framework and advancing international cooperation. It creates a viable cybersecurity sector with export capacity, addition of new skills, new solutions commissioned by the Government.
The Cyber Security Strategy currently places little focus on concrete measures supporting domestic enterprises that offer cyber security solutions. It should be improved to ensure better coordination for R&I between SMEs, larger enterprises, academia, civil society and Government and better dissemination of information regarding funding opportunities, which include ERDF funding, Horizon 2020 calls and state allocations through creation and management of cybersecurity focused innovation hubs (Technological Development Centres).
The policy instrument tackled by CYBER is the Slovak Operational Programme Research and Innovation 2014 – 2020, Priority Axis 3, Enhancing the competitiveness and growth of SMEs.
This axis is divided in 3 measures, all relevant to CYBER: 3.1 Enhancing the growth of new competitive SMEs, 3.2 Growing internationalisation of SMEs and increased use of the possibilities offered by the EU Single Market, 3.3 Increasing SME competitiveness at their development phase.
Particularly relevant is the SBIR scheme (Small Business Innovation Research) that supports the exploitation of new ideas in the economy. It aims to foster SME competitiveness and to support entrepreneurs that find themselves in the death valley, where the risk of failure of a business is so high that they are not able to obtain funds from banks or investors. The existing forms of sectorial support (i.e on cybersecurity and the digital economy) are limited and uncoordinated and do not help overcome this barrier.
The OP aims also to create a comprehensive system of support for internationalisation of SMEs to contribute to eliminating existing barriers (high costs, lack of knowledge of the market, regulatory burdens, and insufficient capacity) through more targeted fund. In order to increase added value and productivity, the OP recognises the importance of inter-sectoral cooperation. The idea of an innovation ecosystem focused on a specific topic, such as cybersecurity is in line with the foreseen OP improvement.
“KIS: Keep It Secure”: a regional mechanism to raise awareness & enhance maturity about cybersecurity among SMEs in Wallonia, Belgium
Interreg Europe Cyber brings the answer to the consolidation of the market by increasing interregional cooperation across European CyberValleys.
The kick-off meeting of Interreg Europe CYBER project took place on 3-4 July 2018 in Rennes, France.