European money for SME cybersecurity

Leuven, 1 February 2024

The European Commission has incorporated the newly established CYSSME collaboration into its Digital Europe funding programme. CYSSME has been granted a three-year mandate and a substantial subsidy package to aid in enhancing the cybersecurity of European SMEs. CYSSME stands for Cybersecurity and Data Protection for Small, Medium and Micro Enterprises.

The CYSSME partners believe that Europe possesses all the technology required to optimally protect SMEs, but there is a lack of awareness and personalised support for these enterprises. In recent years, the number of SMEs affected has doubled annually, according to CYSSME’s initiator, Ulrich Seldeslachts: ‘Research and development are fully established in Europe: there is ample indigenous technology available. But we still need to work on getting these technologies adopted. A one-size-fits-all approach to cyber resilience doesn’t work, and self-assessment by SMEs doesn’t always result in accurate and expert security. We need a more targeted approach with a personalised strategy for each company.’

All security components from Europe

CYSSME has noted that not all companies are digitalising at the same pace, and many SMEs also view cybersecurity as a barrier to digital transformation. CYSSME will therefore individually analyse the cybersecurity and data protection for each SME that requests support in order to examine their needs and requirements. This will be followed by long-term support with customised solutions based on the needs identified.

For this, CYSSME will provide a multi-layered security system that SMEs can then maintain simply and autonomously. Some components have received EU funding and all have been developed in Europe. They are available in a European Cybersecurity app store, which includes open-source and commercial software.

Focus on companies in digital transformation

CYSSME’s focus is on SMEs in the technology, industry, retail and e-commerce sectors – sectors that contribute to successful digital transformations, labour mobility and productivity in Europe. SMEs from other sectors are also welcome, especially in light of the relatively new NIS2 Directive that requires companies in critical sectors to improve their security.

A CYSSME project can start with an intake interview and initial cybersecurity audit by experienced experts. Companies that already know what they want and need straight away are equally well supported with technology and assistance.

A more comprehensive maturity assessment will subsequently serve as the basis for a roadmap and further optimisations. CYSSME will assign a mentor to guide each company, and participating SMEs will receive a plan with all the necessary implementations and interim objectives, as well as ongoing advice, training and knowledge transfer. The aim is to help participating companies become self-sufficient in cybersecurity within 3 to 6 months.

Best practices as a starting point

CYSSME emphasises that each SME will receive a tailored approach, with the experiences being compiled into a series of best practices; recommendations that are evaluated for relevance to each individual company. These detailed recommendations will be made publicly available, even for those not yet participating in CYSSME. CYSSME will ensure that no information is released that could be exploited by hackers to target individual companies.

How to participate in CYSSME

Any SME within the EU may submit an application, which will be assessed by CYSSME. The final selection will be based on the applicant’s needs and sector, and the commitment they are willing to make. CYSSME requires that an SME allocates sufficient time to fully refine its cybersecurity in a short period, and applicants will need to provide certain guarantees in this regard. CYSSME further expects each SME to participate very actively in raising awareness about cybersecurity. Agreements on this are also made in advance.

In principle, companies with more than 250 employees or more than €50 million in consolidated turnover are not eligible for CYSSME. Exceptions may be made for companies that need to comply with the NIS2 Directive.

Up to more than €20,000 grant per SME

European SMEs looking to actively enhance their cybersecurity can receive partial funding for CYSSME’s services. There is a grant budget of around €20,000 available per company or organisation. CYSSME anticipates that this will enable it to offer services to around 300 companies, based on the just over €7 million it has received from European funding.

Any SME that completes the initial phase of a cybersecurity project with CYSSME within six months of starting can receive a grant to fund services for preliminary studies, technology, installation and integration, coaching, training and project documentation. This applies to businesses of all sizes, from micro-enterprises with just a few employees to medium-sized or large organisations.

Companies and organisations can submit an online application for a cybersecurity project via this application form:


Smaller businesses are equally exposed to online threats but have far fewer resources to adequately protect themselves. The European CYSSME project provides assistance with an effective and affordable approach that is fully tailored to each company’s challenges and risk profile. Thanks to CYSSME, participating companies can swiftly identify their security priorities, learn how to mitigate risks, and navigate the online world safely.

This project has been funded by the European Union’s Digital Europe programme under grant agreement 101128101.

The Digital Europe funding programme has entrusted the project coordination to the European Cybersecurity Competence Centre (ECCC), which will collaborate with the National Cybersecurity Coordination Centres (NCCs) of the member states for this purpose.

Contact details

Ulrich Seldeslachts, Managing Director LSEC vzw
[email protected]

[email protected]

+32 16 79 85 85

Partners of CYSSME are AXS Guard (BE), BA (BE), Ceeyu (BE), Cross-Border Commerce Europe (BE), Cyber Trust Services (AT), Exalens (NL), L3CE (LT), LSEC (BE), Lupasafe (NL), NoCode-X (BE), Toreon (BE), UNIZO (BE).