Good practice:

Cybersecurity voucher

Trends are showing significant increase in hacked and breached data, as well as in large-scale breaches. That is why Slovenian Enterprise Fund recognized the importance of enhancing digital security of SMEs Micro, small and medium-sized companies with their registered office in the Republic of Slovenia may apply for the cybersecurity voucher offered by Slovenian Enterprise Fund. The voucher offers co-financing of eligible costs for the system security review and/or penetration test. This enables them to reduce part of the costs, making measures more accessible.
The applicant selects a contractor from the catalog of experts in which contractors themselves pre-registered, but the entry requires Digital Innovation Hub (DIH) Slovenia’s approval. The contractor and the applicant then have to agree about providing the service. Next step is submission of the prepared application with all the necessary attachments. The eligible applicant is invited to sign the contract with Slovenian Enterprise Fund. This is followed by the implementation of the project – a system security check and/or penetration test. The applicant has a maximum of 6 months from the date of signing the contract to carry out all the required activities and submit to the Slovenian Enterprise Fund a request for payment.
This practice encourages SMEs to increase cybersecurity and perform system security checks and/or penetration tests, thereby increasing their competitiveness, added value, and revenues from sale.

Up to 60% of the costs are covered (maximum amount up to 9.900,00 EUR). The other 40% and the amount exceeding the maximum shall be borne by the applicant. The applicant also must have the necessary resources to carry out the project.

There were 17 cybersecurity vouchers approved in 2019 (also 381 vouchers in Digital competencies, 603 vouchers in Digital marketing and 100 vouchers in Digital strategy). Overall, 945 companies applied for the vouchers until February 2020 and the number is growing. There are more than 500 experts registered in the catalogue. The practice is user-friendly and easily understandable, encouraging businesses to take cybersecurity measures in order to tackle emerging cybersecurity issues.

The minimum tender requirements must be respected in the implementation. Also, there is a risk of exploitation, which can be prevented by appropriate controls.

Many small business enterprises are still acting under a false sense of safety. Not even the latest and strongest security can protect you if you open the door and let the criminal in. Identifying a cybersecurity risk can be daunting for many businesses, as it is dissimilar, involves things that may not be entirely understood and may not have had any formal training in this field. This is why it is important to enable those, that do not currently have the resources to bring in an outside expert and to make security recommendations, to take the required steps to reduce the risk of becoming the victim of cyber-attack and enable them cofinancing. It is easy to use and transfer to other fields and countries.