Skip to main content
European Commission logo
English
European Digital Innovation Hubs Network

Train your SME on the basics of cybersecurity

Train your SME on the basics of cybersecurity
Published at 28 August 2024 | Sweden

General details

EDIHs involved

Services provided
Training and skills development
Technologies
Cybersecurity
Sectors
Security
Education

Challenges

Small and medium-sized enterprises (SMEs) face increasing cybersecurity threats in today's digital landscape. A recent report by the European DIGITAL SME Alliance found a 57% increase in cyberattacks across Europe, with many targeting smaller firms that may lack both advanced security measures and expertise.

The challenge is multi-faceted:

  1. SMEs are often more vulnerable to cyber threats due to limited resources and expertise.

  2. There's a need to bridge the gap between general IT knowledge and specific cybersecurity skills.

  3. Cybersecurity is not just an IT issue but a business concern that requires a comprehensive understanding.

  4. The evolving nature of cyber threats demands continuous education and updating of skills.

  5. There's a need to develop a stronger security culture within organisations.

Specific challenges highlighted by course participants include:

  • Protecting organisations against constantly evolving online threats.

  • Improving internal awareness and education.

  • Involving the entire organisation in cybersecurity efforts.

  • Measuring and evaluating consequences and risks to make business decisions related to cybersecurity budgets.

  • Balancing compliance requirements with addressing risks that have real consequences for business operations.

Additionally, the diverse nature of SMEs, ranging from manufacturing companies to consultancies, means that cybersecurity needs can vary greatly. For SMEs undergoing digitalisation or developing highly digitalised products or services, early identification of cybersecurity risks and ensuring compliance with industry regulations are particularly crucial.

In response to these challenges, the "Basic Cybersecurity" course was developed as part of the Sweden Secure Tech Hub initiative, aiming to empower SMEs with growth ambitions and digital-centric business models with the knowledge and skills to navigate the evolving cybersecurity landscape.

Solutions

Cybersecurity basics in classroom at Kista Science City The Sweden Secure Tech Hub initiative developed a comprehensive "Basic Cybersecurity" course to address SMEs' cybersecurity challenges. Key features include:

  1. Hybrid Format: In-person workshops and self-study modules, accommodating 100 participants nationwide.

  2. Content: Led by Deputy Professor Mikael Asplund from Linköping University, covering cybersecurity in societal context, historical perspectives, new threats, vulnerabilities, countermeasures, and legal aspects.

  3. Practical Application: Hands-on exercises like threat modeling and risk analysis.

  4. Collaborative Learning: Small group discussions for experience sharing.

  5. Accessibility: Free of charge, co-financed by the EU and Swedish Agency for Economic and Regional Growth.

  6. Nationwide Reach: Conducted across multiple locations in Sweden.

  7. Flexible Timing: Four workshops over two months, balancing learning with work commitments.

  8. Recognition: Offers university credits.

Participants demonstrated enthusiasm and quick grasp of complex concepts, applying them to their specific work areas. The course aims to:

  • Demystify key cybersecurity concepts

  • Strengthen security culture and awareness

  • Provide SMEs with tools for effective defense

  • Address the digital skills gap in the workforce

The solution recognises the unique challenges faced by SMEs, including limited resources and expertise. By offering accessible, practical education, it empowers these businesses to enhance their cybersecurity posture.

The course's success lies in its ability to bridge theoretical knowledge with real-world application, fostering a community of practice among participants. This approach not only improves individual companies' security but also contributes to raising the overall cybersecurity standard across the SME sector in Sweden.

Results and Benefits

While specific quantitative results are not provided in the given information, several qualitative benefits and outcomes can be identified:

  1. Increased Understanding: Participants reported a deeper understanding of cybersecurity's complexity. They recognised that cybersecurity is not just an IT issue but a business concern as well.

  2. Practical Skills: The course provided tools for identifying weak links in process chains, which participants can apply in upcoming projects.

  3. Broader Awareness: Participants now realise that everyone in an organisation has a responsibility to protect against cyberattacks, fostering a stronger security culture.

  4. Networking Opportunities: The course facilitated connections between professionals from different organisations, allowing them to share experiences and learn from each other's challenges.

  5. Applicability to Real-world Situations: Many participants, even those not primarily working with cybersecurity, were able to connect theoretical knowledge to real-world situations.

  6. Enhanced Threat Modeling Skills: Participants learned how to combine threat modeling with risk analysis, providing a powerful tool for future use in their organisations.

  7. Improved Client Interactions: For consultants, the course helped bridge the gap in cybersecurity understanding when working with clients, potentially improving service delivery.

  8. Academic Recognition: The course offered university credits, providing formal recognition of the skills acquired, which could benefit participants' professional development.

  9. Cost-Effective Skill Development: As the course was free of charge, it provided a cost-effective way for SMEs to develop critical cybersecurity skills, which might otherwise be challenging to prioritise in smaller companies.

  10. Contribution to Business Resilience: By empowering participants with cybersecurity knowledge, the course contributes to building more resilient and secure business environments for SMEs.

Perceived social/economic impact

The "Basic Cybersecurity" course, part of the Sweden Secure Tech Hub initiative, is expected to have significant social and economic impacts:

  1. Enhanced SME Resilience: Improves cybersecurity knowledge and skills, potentially reducing the 57% increase in cyberattacks reported by the European DIGITAL SME Alliance, leading to cost savings.

  2. Improved Business Competitiveness: Better cybersecurity practices may make participating SMEs more attractive to clients and partners, potentially leading to business growth.

  3. Skills Development: Addresses the critical cybersecurity skills gap, contributing to a more knowledgeable workforce.

  4. Cross-Sector Collaboration: Strengthens cooperation between academia, industry, and the public sector across six Swedish science parks, fostering national innovation and knowledge transfer.

  5. Regional Development: Offering the course across multiple locations contributes to more even regional development in digital skills, potentially reducing disparities in cybersecurity readiness.

  6. Economic Efficiency: Provides substantial economic value as a free, high-quality training program, especially beneficial for resource-limited SMEs.

  7. Increased Awareness: Contributes to broader understanding of cybersecurity issues, potentially leading to more secure digital practices and fewer successful cyberattacks.

  8. Improved Risk Management: Participants learn to evaluate and measure cybersecurity risks, potentially leading to more informed business decisions and resource allocation.

  9. Enhanced Compliance: Helps SMEs better understand and prepare for regulatory requirements like GDPR and the upcoming NIS2.

The course's impact extends beyond individual businesses, contributing to a more secure and competitive national economy. By empowering SMEs with cybersecurity knowledge, it helps create a more resilient business ecosystem capable of withstanding evolving digital threats.

Measurable data

The course attracted 100 participants from 5 science parks involved in the EDIH project, with approximately 20 attendees at each location.

While quantitative data on the course's impact is still being collected, early indications are promising. Participants report receiving expanded responsibilities and increased support in escalating cybersecurity issues within their organisations. This internal elevation of cybersecurity concerns across the 100 participating SMEs is significant, as it could lead to improved organisational resilience. By prioritising cybersecurity at higher levels of decision-making, these businesses may be better positioned to implement robust security measures, potentially reducing their vulnerability to cyberattacks. This shift in organisational approach among the participants from the 5 science parks could have a tangible impact on the success rate of cyberattacks targeting these SMEs, although further data collection and analysis will be needed to quantify this effect across the regions involved.

Lessons learned

Do's:

  1. Offer hybrid learning formats: Combine in-person workshops and self-study modules to increase accessibility and participation.

  2. Incorporate practical exercises: Activities like threat modeling combined with risk analysis provide valuable, applicable skills.

  3. Facilitate small group discussions: Allow participants to share experiences and learn from each other.

  4. Provide pre-session materials: Review materials before lectures for more efficient sessions.

  5. Employ skilled moderators: Guide discussions inclusively, especially given varied knowledge levels among participants.

  6. Offer formal recognition: Provide university credits for participants' professional development.

  7. Tailor content to SMEs: Focus on the specific needs and challenges of small and medium-sized enterprises.

  8. Collaborate across regions: Involve multiple science parks to expand reach and impact.

  9. Emphasise real-world application: Encourage participants to apply concepts to their specific work areas immediately.

  10. Address diverse needs: Recognise that SMEs span various industries with different cybersecurity requirements.

Don'ts:

  1. Don't limit the scope to IT professionals: Recognise cybersecurity as a business-wide concern.

  2. Avoid purely theoretical content: Ensure material can be connected to real-world situations.

  3. Don't underestimate the value of networking: Provide opportunities for participants to meet and share challenges.

  4. Avoid one-size-fits-all approaches: Consider the varying needs of different types of SMEs.

  5. Don't neglect the business perspective: Include discussions on risk evaluation and budgeting.

  6. Avoid focusing solely on technical solutions: Emphasise the importance of organisational culture and awareness.

  7. Don't overlook compliance: Balance discussions of regulatory requirements with practical risk management.

  8. Avoid isolating cybersecurity from other business functions: Encourage a holistic view of organisational security.

Need support?

Consult our catalogue to locate the Eupopean Digital Innovation Hub nearest to you and accelerate your company's digital transformation.

Find my nearest EDIH