New initiative to help Estonian SME’s to assess their cybersecurity

Pixellated image of people in an office

Information System Authority of Estonia (RIA) coordinates the development and administration of information systems ensuring the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.
Recently, RIA and Enterprise Estonia (EAS) came out with a new initiative Küberpööre which aims to financially support small and medium-sized enterprises (SMEs) that want to assess their cybersecurity and take prevention steps with an outsourced partner.

RIA’s expert Seiko Kuik let us in on the details of this pilot project.

  1. Could you tell us about the origins of the initiative?

The idea for the initiative Küberpööre was born out of the realisation that companies, particularly SMEs, are often ill-prepared to deal with cyber attacks and their potentially devastating consequences.
In Estonia, the role of the National Coordination Center (NCC) is fulfilled by RIA, more specifically the RIA's Research and Development Coordination Department, pan-European decisions and strategy are made by a board consisting of representatives of member states and representatives of the EU. Thus, concrete funding decisions are made in cooperation between the European Cyber Competence Center (ECCC) and the member states.
At the NCC of RIA, we recognised the need to encourage and support SMEs to invest more in their cybersecurity before an attack occurs. When the European Union introduced regulations last year to establish the ECCC, we saw an opportunity to make this goal a reality. The ECCC's mission is to invest in European cybersecurity research and development and support SMEs in the industry to bring their products to market.
Our initiative Küberpööre is part of Estonia's vision for realising EU cybersecurity goals and helping SMEs increase their cyber resilience.

  1. What has been the response from companies to the project?

We've seen strong interest from both applicants and companies looking to enhance their cybersecurity. Around 20 companies have submitted applications so far.

  1. What can companies do to increase their chances of receiving support?

There is no ranking system for applications, but companies should ensure they meet the current eligibility criteria and provide all the necessary information for evaluation by EAS. We encourage eligible companies to submit their applications.

  1. Are there plans to offer similar support measures for companies in other sectors in the future?

While the state cannot indefinitely provide such subsidies, we believe that companies should take responsibility for their cybersecurity and contribute to it themselves. We hope companies realise that their cybersecurity cannot be a casual matter.

  1. How do you assess whether companies are becoming more aware of cyber threats and security?

We've seen a growing awareness of cybersecurity threats among companies, largely due to a greater general awareness and an increase of cyber incidents affecting businesses.

  1. What advice do you have for entrepreneurs regarding cybersecurity and the initiative Küberpööre?

We urge eligible companies to take advantage of the opportunity to assess and improve their cybersecurity through Küberpööre. The first step is to gain a comprehensive understanding of your company's current situation. The second step provides support to address any identified deficiencies. For companies that have already assessed their cybersecurity, we encourage to take the second step to strengthen their resilience.

Learn more about Küberpööre here.