Establishing Cyber Security education, awareness, training and trust for SMEs Roger Dean, Executive Director www.eema.org

1
Establishing Cyber Security education,
awareness, training and trust for SMEs Roger
Dean, Executive Directorwww.eema.org
2
The Challenge

• SMEs are the most vulnerable due to
• No in house resources
• No funding
• No technical knowledge
• Once infected the vulnerability could infect the
  whole supply chain
• SMEs believe that their business will be
  invisible and will not be worth targeting by
  cyber criminals this is a myth the we need to
  overcome.
• It is imperative to communicate to SMEs that
  cyber security and risk management are a core
  threat that can destabilise their business.

3
The solution

• Market research in at least three EU states
• Raising awareness to acquire and disseminate
  cyber security knowledge and skills.
• Compile best practice training and education
  programme
• Initiate a short term market test programme
• Develop innovative techniques to facilitate hard
  to reach sectors

4
User Experience

• We have the skills and capability to manage a
  cyber risk project
• It is clearly in the interests of business to
  provide leadership and investment in this area
• We have a strong cyber security education and
  training base
• We have a vision for a vibrant, resilient and
  secure cyberspace
• Collaboration with other organisations such as
  ENISA, BCS, Chamber of Commerce
• This sprint will be greatly enhanced by EU
  Regulation and National campaigns which would
  champion the SMEs responsibility to ensure their
  cyber security.

5
The Benefits/Impact

• This will contribute to economic prosperity,
  protect the supply chain and a strong society
• A highly skilled workforce will enable cyber
  suppliers to derive maximum benefit from these
  opportunities
• Connect and mentoring SMEs through liaison with
  larger organisations
• Create a code of SME Best Practice Guidelines
• Establish a pipeline of SME stories, media
  interviews, stories, news releases, industry
  commentary
• In consultation with professional accountancy
  bodies define a set of cyber security audit
  requirements

6
Timescales

• Maximum 3 months to complete the sprint.
• Initial market research 4 weeks
• Collaborate with other cyber security
  organisations 4 weeks
• Create awareness and training programme 4 weeks
• Develop innovative solutions to enable hard to
  reach sectors 5 weeks
• Self audit by SMEs to measure effectiveness of
  the exercise 2 weeks
• Obviously some of these activities will run in
  parallel

7
Requirments

• Enlist experts in awareness and education to find
  creative solutions to the problems
• Research in partnership with a sample group of
  SMEs in three EU Member states to inform and
  support the SPRINT
• Time and travel expenses