EU funding helps Europe’s cybersecurity sector build a sustainable future

Summary

  • NextGenerationEU represents an opportunity for Irish companies to break into new markets or scale their presence in existing markets.
  • EU member states heavily committed to upgrading the security of the public sector, while also funding improvements for private companies
  • Click or scroll down for more information about the cybersecurity market in:

In the digital age, cybersecurity is crucial. Without strong protection, both public sector bodies and private companies are vulnerable to attack and being disabled by bad actors, whether those are criminal gangs or rogue states.  

 

“It’s a relatively new sector, but the threat is global. Every sector and subsector is vulnerable to attack, although the public sector, banking and consumer goods companies tend to get more attacked than others,” says Raul Marigorta, Senior Market Adviser, Digital Technologies at Enterprise Ireland.  

 

It’s no surprise that the EU is deeply committed to cybersecurity. Its Cybersecurity Strategy is a key component of the €2 trillion Recovery Plan for Europe and every government in the region is committing huge budgets to shoring up cybersecurity.  

 

As Marigorta points out, this doesn’t just involve larger companies and public sector bodies, but also small to medium-sized enterprises (SMEs), which can be especially vulnerable to attack. 

 

The rise of hybrid working and teleworking has compounded the risk. ‘In the past everyone was working from one physical location with one firewall,” says Marigorta, “but now maybe 50% of employees are spread in different locations. Normally people have simple wi-fi access points and non-protected routers at home, and that gives bad actors a way in. Cybersecurity today must be multi-device and multi-location.” 

Need to protect against a variety of attacks

As Marigorta points out, high level catch-all protection may have been sufficient for organisations in the past, but as threats get deeper and more varied, more complex solutions are needed.  

 

“The sector is not mature and threats are changing continuously,” he says. “You can control the threat today, but a new one is coming tomorrow that needs a new solution. Multiple risks need multiple solutions.” 

 

That means plenty of opportunity for innovative cybersecurity firms, who can find a specific niche in the market and excel there. Ireland already has a strong cybersecurity cluster offering solutions across the range of needs from SMEs, large companies to public bodies, he adds.  

Addressing the opportunity

Irish tech firms may not find it a complex challenge to pivot to cybersecurity as such, says Marigorta, but they should bear in mind there is a talent shortage when it comes to relevant programmers and software engineers. This is especially the case given that every sector needs to tackle cybersecurity.  

He adds that companies entering this market also need to be mindful that offering support and maintenance is crucial. “You can’t just install software and forget it,” he says. “It needs to be updated regularly against new threats and attacks, it’s never static.” 

On the upside, he points out that the need in different countries doesn’t differ much.   

“This is a pan-European multinational issue,” says Marigorta. “The attacks are the same, whether you’re in London, Paris, Dublin or Madrid. That means once you are solving the problem in one place, you can solve it in different markets.” 

He adds, however, that national regulations may differ, although there is broad collaboration across the EU on cybersecurity.  

Expert advisors in Enterprise Ireland’s network of office across Europe, together with its Market Research Centre in Dublin can support your business as it investigates market opportunities, including by making local introductions and helping you to build your network. 

Market snapshots

Benelux

One size doesn’t fit all across Belgium, Luxembourg and the Netherlands, where local practice and expectations can differ when it comes to buying cybersecurity solutions. 

The cybersecurity ecosystem across the Benelux region is quite advanced. Each country has a myriad of organizations, associations and professional experts dedicated purely to increasing cyber resilience. 

The internet economy makes up 6% of GDP in the Netherlands, one of the world’s most digitally connected countries, and cybercrime is a considerable concern. It’s also home to the EU’s largest cyber cluster – The Hague Security Delta (HSD). There, the Dutch Government, knowledge institutes and private organisations collaborate on cyber resilience.  

Zero-day attacks, ransomware and digital espionage are key concerns for the Netherlands. Its Cyber Security Strategy 2022–2028 sets out planned government actions and flags the upcoming merger of three national centres into one national cybersecurity authority.  

Meanwhile in Belgium, the national Cyber Strategy 2.0 aims to make Belgium one of the least vulnerable countries in Europe, from being the fourth globally for cybercrime density in March 2022.  

The Centre for Cyber Security Belgium is the relevant national authority. It prepares, disseminates and supervises the implementation of standards, guidelines, and security standards for the public sector. 

Lastly, Luxembourg’s National Cyber Security Strategy 2021 – 2025 sets out how Government intends to secure cyberspace at all levels. 

The EU is support cybersecurity objectives through substantial funding across various funding programmes, such as Digital Europe, Connecting Europe Facility second generation (CEF2) and Horizon Europe.   

Also worth being aware of is TIIN Capital, a Dutch-based venture capital fund focused on early stage companies and scale ups active in Cybersecurity and IoT Security solutions. It’s a unique cybersecurity fund for start-ups and scale ups.  

Among the Irish companies active in the Benelux region are mobile and cloud security experts CWSI, which has pursued an acquisition strategy, buying Blaud in the Netherlands and Mobco in Belgium. 

Other Irish firms will find opportunity abounds in the region. Customers could include resellers, end users, government Departments and local Authorities. EU institutions and Third level colleges.  

Trade shows are an excellent opportunity to meet potential clients, managed service providers (MSPs), channel partners, resellers and solution houses. Good examples include the Cybersec show in Brussels, the Cyber, Cloud and IoT show in Amsterdam and ICT Spring in Luxembourg.   

The main barriers can simply be a misunderstanding of local business cultures. The Netherlands has a high English proficiency and like direct business dealings, for example.  

 In Belgium by contrast, language is important, and having a local hire with language skills will greatly help your chances of success. There is also a longer sales cycle in Belgium, and a stronger focus on commitment and relationship-building. Belgian communication style can be less direct and can differ in Wallonia or Flanders.  

 Innovation and dedication are essential across the Benelux region. The most interesting technologies will get attention – coming to the market with a similar offering to a national competitor will be harder than arriving with something new and novel.  

 That said, solution houses want to add new technologies to their arsenals. Having a local presence will also show a stronger dedication to the market and help with local buy in. 

 Top tip 

Get into the market as often as possible. It’s difficult to build your network and get traction from Ireland. It’s important to be face-to- face, go to events and meet contacts to gain the market knowledge that will win you business. 

Back to top

France

Having caught up in recent years (with 10% annual growth between 2015 and 2020), the French cybersecurity market is now dynamic and high value. Cloud computing, Industry 4.0 and the Internet of Things are expected to be the main drivers of future growth.  

Given growth in cyberattacks of 155% in 2020, according to the government, there is keen interest in addressing the issue. It has been acting to: 

  • regulate the digital sector and protect data 
  • secure digital and telecommunication businesses and infrastructures 
  • develop the industrial, research and innovation ecosystem.  

France has a strong public framework to help and stimulate the French cybersecurity market, with ANSSI (the National Cybersecurity Agency) as a cornerstone.  

Showcasing French know-how in cybersecurity, the Cyber Campus at Paris-La Défense was inaugurated in February 2022. It aims to bring together cybersecurity talents and create public/private sector synergies. Further Cyber Campuses around France offer training courses and skills development.  

In November 2022, France announced €35m in funding for SME cybersecurity. This is in addition to its cybersecurity strategy, launched in early 2021, under which it will invest €1 billion, including €720 million in public and EU funding in the sector. It aims to: 

  • triple the industry’s turnover from €7.3 billion to €25 billion 
  • double the number of jobs in the sector from 37,000 to 75,000, including recruiting 200 more staff to ANSSI  
  • create three French cybersecurity unicorns 
  • improving state and regional cybersecurity 
  • tackle attacks on hospitals, ports and maritime facilities, which have been faced with intense attacks. 

Budget 2023: France increases its investment in cyber security 

The government intends to modernise the means of fighting cybercrime with the recruitment of 1,500 “cyber-patrolmen”, the launch of a training school dedicated to cybersecurity and an emergency number set up specifically to fight cybercrime. Indeed, the government intends to modernise the means of fighting cybercrime. With this new budget, France is also acquiring new digital tools for law enforcement and even plans to create a cyber security agency dedicated to investigating cyber attacks. 

French cybersecurity firms see 75% of revenue coming from a handful of companies. Overall, the market comprises:  

  • Public authorities and operators of vital services subject to regulatory constraint  
  • A small number of mature organisations with specific and advanced needs – these include Société Générale, LVMH, Enedis, Airbus, Total and Renault  
  • Maturing customers with growing cybersecurity needs, mostly medium and large SMEs    

A handful of big local players dominate the market, integrating specific solutions from SMEs into their end-to-end offerings. Irish firms will find opportunity where they can offer innovative solutions, possible based on AI or machine learning, to tackle some of the most common issues in the market, which include: 

  • ransomware, which is the leading threat 
  • payment fraud 
  • botnets 
  • fake money transfer scams 
  • phishing 
  • device or software vulnerabilities 

Given local competition and to reduce time to market, it can make sense to pursue a partnership approach when going into the French market.  

Irish companies may also face challenges because of long sales cycles and due diligence processes. That said, France can be a significant and lucrative market for innovative, leading-edge Irish companies. 

Irish companies thriving in France include VigiTrust, which works with hotel chain ACCOR to ensure its payments are secure and it complies with the Payment Card Industry Data Security Standard (PCI DSS). 

Top tip 

Identify the right partner with existing relationships in private and/or public sector where your product or expertise complements the partner’s offering. Secure appropriate staff numbers, marketing and sales budget to develop the relationship with the partner.

Back to top

Italy

With attacks on the increase, both the government and the private sector in Italy are boosting budgets to grow cybersecurity protections. 

In 2021 the cybersecurity market in Italy reached its highest ever value of €1.5 billion, up 13% on the previous year. It’s expected to be worth over €2 billion in 2024. 

As cyber threats have grown consistently, cybersecurity has become a priority for all businesses. The government has introduced related tax breaks for companies, and is creating a National Cybersecurity Park and a number of hubs across Italy. 

The government plans to devote 1.2% of the national budget to cybersecurity and set up the new National Cybersecurity Agency (ACN) in 2021. This aims to: 

  • protect the country and its infrastructure from cyber threats. 
  • guarantee the coordination of all public stakeholders as a single cybersecurity interface 
  • develop a national cybersecurity workforce through education 
  • run awareness campaigns  
  • develop a strong cybersecurity culture. 

Italy’s strategic maritime location and long coastline offers strong potential for offshore wind. This is especially true in the south, and around Sicily and Sardinia, where wind speeds are higher,

Within Italy’s €191 billion National Resilience and Recovery Plan or Piano Nazionale di Represa e Resilienza (PNRR), which is funded by the EU, €59.46 billion is devoted to the circular economy and introducing green initiatives. The government is adding a further €30 billion in grants.

Furthermore, the PNRR also includes significant commitments around infrastructure with:

  • A commitment to reform and simplify the planning process for both onshore and offshore sites
  • €31bn allocated to upgrade railways and ports

The lack of developed supply chain in Italy offers significant opportunity for Irish companies, but they will have to contend with challenges in the market. These include complex RFPs, bureaucracy and planning processes, along with local competition and local objections.

Key stakeholders include:

  • Terna (TSO)
  • Elettricità Futura (National Association for organizations in the energy sector)
  • ANEV (Italian National Wind Energy Association)
  • ERG (Italy’s leading wind energy producer)
  • WEMES (R&D Association for OSW)
  • Eni (Italian energy multinational)
  • Renexia (renewable energy firm)

Irish firms will find opportunity in Italy around:

  • Surveying for the feasability and development stages
  • Supporting the upgrade of ports and other infrastructure
  • Digitalisation and smart energy solutions

Operations and maintenance.

Local competition can present a challenge to those considering the market. Large system integrators and international cybersecurity players dominate the market.  

Companies also often find they need to educate the market. Potential customers are often still at an early stage of adoption and are keen to find the best solutions for their needs. Consider finding a local partner to help cut your time to market.   

Take your time and be prepared. Invest in validating the market opportunity and building the right market entry strategy. Italian customers value strong relationships so it is worth spending time investing in building your network. 

Top tip 

Italian companies are looking for new solutions and are open to foreign technology vendors. They prefer, however, to work with vendors with strong references, which should be local if possible.  

Italian business culture is relationship-oriented in general. Companies must develop  personal relationships to establish lasting, successful business relationships. This demands time, dedication and commitment. 

Poland

While it has lagged in Europe, Poland is set to soar when it comes to cybersecurity, with extensive public sector initiatives and funding, and substantial private sector interest.  

 

Large Polish companies, especially in the telecoms and financial sectors, are well advanced in implementing cybersecurity measures. SMEs and the public sector lag behind, however,  due to underfunding. As a result, Poland ranks 24th in the EU when it comes to business preparedness for cyberattacks.  

Rapid growth is now likely, however, with the Polish cybersecurity market forecast to grow by 11% annually to reach US$2 billion by 2025.  

The Russian invasion of Ukraine and increased state-driven cyberattacks have put additional pressure on Polish public sector agencies.  

To address this and the overall cybersecurity threat, the government is seeking to centralise its IT resources by creating a national cloud operator to develop and maintain key IT infrastructure initiatives. This includes creating a marketplace for applications and solutions that are prequalified and pre-screened from a cybersecurity point of view. 

Key stakeholders in the market include: 

  • The influential Association of Business Service Leaders, which could offer a good door to the market for Irish companies.   
  • CyberMadeInPoland, which has 80 members and partnerships with the Polish ICT Chamber, government agencies, academic institutions, VC funds and international bodies such as the European Cyber Security Organisation (ECSO). It focuses on: 
  • educating the market 
  • certifications 
  • supporting international expansion of local providers  
  • creating partnerships with other similar organizations. 

Through its National Resilience and Recovery Plan, Poland is dedicating €35.4 billion of EU grants and loans to reforms and investments. Of this, 21.4% is going to digital initiatives and €443m to cybersecurity in particular.   

Targeting public sector clients require significant effort and local presence. It is easier to target the private sector and more mature organisations, such as those in global business services.  

With more than 1,500 shared service and BPO centres employing over 400,000 people, it is one of the most advanced business segments in Poland and has significant appetite and budgets for digital transformation initiatives.  

Irish firms already thriving in the sector and with significant resources on the ground include Stryve (which has won a substantial public sector tender), Smarttech247, VikingCloud, and TitanHQ, which partners with Bakotech, one of the most active cybersecurity distributors in the Polish market. 

Other Irish firms will find opportunities across the whole spectrum of cybersecurity in Poland,  including: 

  • education 
  • securing remote/hybrid work environments through VPN 
  • identity access management tools 
  • detecting phishing/ransomware attempts 
  • securing existing applications and environment. 

Local presence, either direct or through a partner, is a must. Selling to the public sector requires existing relationships and a long-term strategy, however, so it’s vital to have a partner in the market.  

Furthermore, larger businesses, such as banks and telecoms companies, won’t deal with small providers out of fear they won’t to deliver to the required standard.

 Top tip 

Identify the right partner with existing relationships in private and/or public sector where your product or expertise complements the partner’s offering. Ensure you put in place enough staff and a sufficient marketing and sales budget to develop the relationship with the partner. 

Spain

Spain is a sectoral leader, but specialist Irish firms and those that can help counter the cybersecurity skills shortage can certainly find opportunity there.  

Spain is taking a leading role in cybersecurity. It’s ranked fifth in Europe and seventh in the world by the International Telecommunication Union (ITU)’s Global Cybersecurity Index.  

The government initiated the National Cybersecurity Strategy in 2013, while the Digital Spain 2025 Agenda sets a national goal of having 20,000 new specialists in cybersecurity, AI and data by 2025. Moreover, its 2022 5G Cybersecurity Law set specific cybersecurity requirements for 5G networks, while the 2021 National Digital Skills Plan addresses the digitisation of both SMEs and the public sector.  

One problem unique to Spain is that the many international technology businesses that have set up operations in the country tend to be heavy recruiters of cyber security talent, which deprives other organisations of these skills.  

The key stakeholder in the market is INCIBE, the Spanish National Cybersecurity Institute, which is responsible for the development and application of cybersecurity policies  

    Under the EU Next Generation funding programme, Spain is receiving €4 billion to support connectivity, data infrastructure and the related ecosystem, including cybersecurity. It is also getting €4.6 billion for the digitalisation of industry, SMEs and tourism and culture systems, along with investments in AI. 

    There’s high demand for cybersecurity products and services in Spain, with 94% of companies having already experienced at least one serious incident. According to the Hiscox Cyber Readiness Report 2020, Spanish companies dedicate 15% of their total IT budget to cybersecurity. This is independent of company size: large firms spend 16.9%, SMEs 15.22% and micro-SMEs 12.34%. 

    Irish cybersecurity firms are already active in Spain. Daon, for example, supplies multi-factor authentical (MFA) technology to Telefónica Tech, which offers cybersecurity and related cloud-based technologies to Spanish and international clients. Other Irish companies will find opportunity in Spain around: 

    • Critical infrastructure security. 
    • Application security. 
    • Network security. 
    • Cloud security. 
    • Internet of Things (IoT) security. 

    Local competition can present a challenge to those considering the market. Large system integrators and international cybersecurity players dominate the market.  

    Companies also often find they need to educate the market. Potential customers are often still at an early stage of adoption and are keen to find the best solutions for their needs. Consider finding a local partner to help cut your time to market.   

    Take your time and be prepared. Invest in validating the market opportunity and building the right market entry strategy. Italian customers value strong relationships so it is worth spending time investing in building your network. 

    Top tip 

    The most important factor when it comes to the cybersecurity market in Spain is being committed to it, which includes dedicating people to this opportunity. Furthermore, the sales cycle tends to be long, so you need adequate financing in place.   

    Local competition is the main barrier to entry here, but there are openings for innovative offerings. Make sure you have local support in the market, so you overcome any language barrier and be mindful of cultural considerations. Bear in mind too that sales are heavily based on reputation and relationships.  

    Clearly define your route to market before jumping head-first into selling in Spain. And beat in mind that to succeed in Spain, you need to pursue a strategy of continuous and thorough follow up.  

    • Share this article