Policy Recommendation for Cyber-readiness of EU small and microenterprises:

Compiling the final deliverable of the CYBER-MSME project

Today, cybersecurity remains a central topic in the international and national agendas, and is gaining importance within the private sector. Large corporations and MSMEs are increasingly becoming aware of the need to equip themselves with the right tools and strategies to prevent and respond effectively to any cyber threat.

Based on ENISA’s classification of the “top 15 cyber-threats in Europe”, this report highlights main finings in terms of level of awareness and preparedness of EU MSMEs on cybersecurity and. As expected, while still maintaining its “EU relevance”, the topic of cyber-readiness seems particularly urgent for micro and small medium enterprises established in Southern/Balkan regions and operating in non-ICT dominant sectors.

Results suggest that the cyber-lag experienced by the vast majority of EU MSMEs is firstly and foremost and issue of culture and cultural understating. Despite the numerous initiatives implemented at EU level to increase the awareness on the topic, EU SMEs are still failing to comply with the very essentials of cybersecurity.

As final Intellectual Output of the project, partners compiled already two different document, one addressed to the community of practice of cyber education, and the other to policy makers and public’s representatives in charge of policy actions for private sectors’ competitiveness, digitalisation and education and training in general.

The experience gathered by partners throughout this 2-year period of implementation of the CYBER MSME project, allowed them to consolidate key triggers, guidelines and recommendations to sustain project’s replicability, and most importantly, the benefits that CYBER-like initiatives can bring at EU level

In its The EU’s Cybersecurity Strategy for the Digital Decade (2020), the European Commission analyses and reviews the measures implemented at European level and anticipates future developments in the cybersecurity domain.

Despite the number of initiatives and a general awareness in the cybersecurity field, Europe has not yet reached a sufficient level of cooperation with national authorities. National authorities do not systematically collect and disseminate data that could help the EU to develop situational awareness.

Currently, there is only a limited “mutual operational assistance” among member states: there is no “operational mechanism” among member states, EU institutions, agencies and bodies, capable of guaranteeing an effective protection and response scheme in case of large – scale and cross – border cyber – attacks.

The EU is faced with heterogeneous security regulations and several levels of cybersecurity maturity in the Member States: these are obstacles to an effective cross – border collaboration. It is crucial that future regulatory changes are the same in all Member States so that EU enterprises are not subject to different levels of security, the global pandemic of COVID-19 has shown the importance of collaboration and coordination at global level also in the area of cybersecurity. The increasing awareness of enterprises on possible cyber threats has led cyber criminals to adapt their attack’s schemes.

As described in the report “Emerging trends” by ENISA (2020), cybercriminals are taking advantage of the pandemic: they are increasingly well-prepared and use more sophisticated tools. This result, which is a sign of a general response of the enterprises to cyber threats, also shows the need to constantly implement cybersecurity procedures and tools, adapting IT systems to new conditions.

The future workforce needs to possess both knowledge, skills and life-learning mindset to quickly adapt to market needs and technological advances. Elements that can train the future workforce in digital skills (i.e. logical thinking, critical analysis, coding and algorithms) require an adaptation of the current educational system

For a full overview of this project’s deliverable, and all other resources made available by partners, please consult: