Enhancing Cybersecurity for Small and Medium Enterprises in the Republic of Cyprus 2025
Enhancing Cybersecurity for Small and Medium Enterprises in the Republic of Cyprus 2025
Beneficiaries
Small and Medium Enterprises (SMEs)
1) Small Enterprise
– Fewer than 50 employees.
– Annual turnover or total balance sheet ≤ €10 million.
– Newly established enterprises are included.
2) Medium Enterprise:
– Between 50 and 249 employees.
– Annual turnover ≤ €50 million or balance sheet total ≤ €43 million.
*Not Eligible to Participate:
1) Enterprises that have already received funding under the NCC-CY-ENTERPRISES/1223 program.
2) Enterprises operating in the tourism sector (hotels, travel agencies/agents).
3) Enterprises operating in the following sectors:
– Fisheries and aquaculture.
– Primary production of agricultural products
Additional Conditions:
1) The entity must be legally established and operating in areas controlled by the Republic of Cyprus.
2) There must be no outstanding debts to the Digital Security Authority.
3) Mandatory implementation of at least one publicity action to promote the achieved certification (e.g., publication in the media, social media campaign, or event).
Eligible Costs
Eligible expenses relate to services and equipment necessary for obtaining cybersecurity certification.
Expense Categories:
- Purchase of Services
- Purchase of Instruments and Equipment
Indicative Examples:
- Design and implementation of cybersecurity policies.
- Staff training and awareness activities.
- Installation of two-factor authentication.
- SOC (Security Operation Center) systems.
- Firewalls and Web Application Firewalls (WAF).
- Backup systems (storage, tapes).
- Antivirus and network attack protection software.
- Penetration Testing services.
- DoS/DDoS protection services.
- Business Impact Analysis services.
- IDS/IPS systems (Intrusion Detection/Prevention Systems).
- SIEM systems.
- Design of data protection policies (GDPR compliance).
- Physical security systems (e.g., access control).
- Cost of one cybersecurity certification audit by the Digital Security Authority (DSA).
Important Notes:
- Three quotations must be obtained for expenses exceeding €15,000 (excluding VAT).
- VAT is not eligible and must be covered by the beneficiary.
- The entity that performs the gap analysis cannot also provide the services/equipment for implementation.
Funding
1) Minimum funding per project: €20,000
2) Maximum funding per project:
– €65,000, or
– €75,000 in case the ENISA AR-in-a-Box tool is used.
3) Funding intensity: 70% of eligible expenses.
Grant Payment Process:
1) Advance Payment: 50% upon signing the contract.
2) Final Payment: The remaining 50% is paid after project completion and submission of:
– Activity Report.
– Grant Payment Application.
– Proof of certification achievement.
Note: If certification is not achieved, the advance payment must be returned to the Research and Innovation Foundation (RIF).
Eligibility Criteria
For a proposal to be deemed eligible, the following conditions must be met:
1) Legal establishment and operation within the Republic of Cyprus.
2) Only one proposal per entity can be submitted
3) Compliance with the de minimis Regulation (EU 2023/2831).
4) Mandatory participation in:
– Project Coordinator in an information workshop organized by RIF.
– A team member in CISO (Chief Information Security Officer) training.
– Financial management training seminars.
5) Implementation of at least one publicity action.
6) Compliance with environmental requirements, ensuring no significant harm to the six environmental objectives of the EU.