Towards a consolidated European cyber security market: How can regional policies boost the competitiveness of cyber security SMEs?
November 29, 2018
Guest blog post by Danilo D’Elia, Senior Policy Manager, & Ana-Isabel Llacayo, Policy Manager at the European Cyber Security Organisation (ECSO).
With the upcoming European Parliament elections, the call for a set of strong measures to raise the cyber resilience is becoming the central point of discussions in the European Union (EU) capitals. To have a truly effective cybersecurity not only political strategies but also a robust European cyber security industry ecosystem, capable of providing the innovative technology solutions, is needed.
While the Silicon Valley is globally referred to as being the most competitive ecosystem in ICT and cyber security offering, Europe has many and various Cyber Valleys hosting mature and regional ecosystems fostering innovation and delivering cutting-edge technologies.
With a domestic market valued at EUR 25 billion and a very diverse industry landscape, made of 12 000 companies of which 74 % are micro companies and SMEs (source: 2017 ECSO Estimation), the European offering is still very fragmented across the different market segments and Members States. However, Europe can count on several ‘hot spots’ where Research & Innovation and training institutes, as well as end-users and public administrations work closely together.
Regions are the silo busters of the EU cyber security market
The EU regions play a fundamental role in structuring the still “young” European cybersecurity ecosystem. Regions are uniquely positioned to raise the global level of cybersecurity due to their privileged connection with the local environments.
Firstly, in the context of an emerging lack of qualified cybersecurity professionals, the regions have the potential to address the increasing shortage of cybersecurity providers and operators at the local level working together with local training centres and educational institutions.
Secondly, they are an essential part of the triple helix model of economic development, which involves governments, academia, and business. Besides, they play an important role in facilitating the development of local cybersecurity ecosystems by involving RTOs, training centres, services operators, incubators, SMEs and established large companies in cyber security solutions development
Additionally, what makes the EU regions so unique is the proximity with the local end-users. The local public administrations are the direct users of cyber security products when developing their sectoral policies (e.g. health, energy or transport) and measure for the protection against cyber attacks. It makes the regional level significant in disseminating good practices and establishing preventive measures and immediate response services.
In the end, to have a more integrated European cyber security market, we need to facilitate not only strong regional actions but also interregional cooperation and coordination
Interreg Europe CYBER – for the strong European cyber security valleys and interregional cooperation
The European Regional Development Fund (ERDF) heard this necessity and invested EUR 1,53 million in a five-year interregional cooperation programme, titled Interreg Europe CYBER. The project involves the Bretagne Dévelopment Innovation agency as the leading partner and 7 European regions, including Institute for Business Competitiveness of Castilla y León (Spain), Tuscan Region (Italy), Digital Wallonia (Belgium), Brittany Region (France), and Kosice IT Valley (Slovakia), Chamber of Commerce and Industry of Slovenia (Slovenia) and Estonian Information System Authority (Estonia). ranging from the southern European regions of Castilla y Leon (Spain) and Tuscany (Italy).
Interreg Europe CYBER aims to boost the competitiveness of the European cyber security SMEs by creating synergies among European cyber security valleys. Three significant barriers encumbering the interregional cooperation among the regional cyber security ecosystems inside the EU have been identified: a lack of coordination between relevant actors, the cybersecurity skills gap and market fragmentation. Through a series of interregional cooperation initiatives, CYBER aims to improve the sharing of good practices and public policies and to strengthen cybersecurity ecosystems.
Interreg Europe CYBER methodology includes a common and market-driven taxonomy to develop a structured mapping of the regional cyber innovative ecosystems. It comprises cybersecurity providers, end-users, support structures, training organisations and research institutes. The project also aims to understand the inclusion of the local players in the design and implementation of the local cybersecurity strategy. To identify good practices, needs for policy improvement and strategic actions for better policies, project partners exchange information through both tailored questionnaires and high-level strategic planning model (SWOT analysis). During the first phase (June 2018 – May 2021) of project implementation, regional partners engage in gathering together local cybersecurity ecosystem stakeholders to analyse territorial needs and develop action plans to improve regional policies. The second phase (August 2021 – May 2023) of the project focuses on exchanging good practices and building on the results of the local analysis of their regional ecosystem.
As an Advisory Partner, the European Cyber Security Organisation (ECSO) brings to the project its expertise on regional cybersecurity industrial policies, acquired in its Working Group 4 focusing on ‘support to SMEs and regional cooperation. Due to this substantial endeavour in positioning regions at the heart of the European policy decision-making in cybersecurity, ECSO provides guidance on the implementation of a multi-layered approach for more structured competitive ecosystems.
A multi-layered approach for cybersecurity: from regional to European
The stimulation of the interregional cooperation as conducted through CYBER will reduce market fragmentation and contribute on the long term to the development of the EU Digital Single Market. The 2017 European Commission Package on Strengthening Europe’s Cyber Resilience already indicates the EU regions as the intermediary players, standing between cybersecurity local ecosystems and European policy-making for the development of the future innovative European cybersecurity industry.Guest contributor