During the years 2023-2024, the Finnish Transport and Communication Agency (Traficom) and its National Cyber Security Centre has granted a total of six million euros of financial support in information security development to improve information security in Finnish companies In addition, Traficom’s National Coordination Centre (NCC-FI) received EU funding from the Digital Europe Programme which of two million were distributed to third parties. The financial support to third parties has been primarily aimed at strengthening the capabilities of small and medium-sized enterprises as well as enhancing Finland’s national capacity and infrastructure to defend against cyberattacks.
In September 2024 Traficom commissioned 4FRONT to evaluate the direct and indirect impact of its financial support for SME’s to implement cyber security solutions. This was among the first instances in which financial support from the Digital Europe Programme has been evaluated at the national level.
According to the evaluation the financial support had well fulfilled its purpose and the direct impact to beneficiaries was high. Nearly all of the funded projects (95 %) had managed to upgrade their technologies and reached project goals. Companies’ resilience against cyber-attacks had also increased.
The financial support had also generated additional demand for the provision of IT services with the volume of around EUR 0.9 million. These services were mainly provided by other Finnish companies, although the technological solutions were typically those of international companies.
The evaluation concludes that further support for companies to upgrade their cyber security should be ensured, and recommends that NCC-FI continues its efforts to this end and pursues relevant financial support from European and national sources.
The effectiveness of the instrument could most likely be further increased by decreasing the size of individual grants, while expanding the number of given grants. This would widen the reach of support to additional beneficiaries.
In terms of national cyber security capacity, it is important to ensure that all businesses, also the non-critical ones, have sufficient security level and are prepared to meet the necessary regulations. Hence, there is a need to raise the awareness, competence and cyber security level of the business sector, as a whole. In this regard, the evaluation suggests that also non-financial support is provided. Moreover, the lessons and practices from NCCs in other European countries should be systematically collected and utilised.
Picture: Unplash
