Maximising Your Cybersecurity with the NCSC Cyber Improvement Grant

Organisations that have taken advantage of Enterprise Ireland’s Cyber Security Review Grant have gained a comprehensive assessment of their cybersecurity posture, identified key vulnerabilities, and received a clear roadmap to strengthen their cybersecurity measures.

After benefiting from this initial review, your organisation can move forward with the Cyber Improvement Grant to implement these recommendations.

This follow-on grant is designed to elevate your organisation’s cybersecurity maturity by addressing and mitigating identified risks, fortifying your defences against potential cyber threats.

In this blog:

The Purpose of the Cyber Improvement Grant
Funding and Eligibility
Services Covered by the Grant
Expected Outcomes

The Purpose of the Cyber Improvement Grant

The Cyber Improvement Grant serves a crucial role in helping your organisation not just identify cybersecurity gaps, but also take concrete steps to address them. Its primary purpose is to support your business in implementing the recommendations from the Cyber Security Review, helping you raise your cybersecurity maturity levels. By taking these actions, your business can bolster its defences, comply with industry standards, and mitigate the risk of cyber incidents.

This grant can also provide funding to support your business in validating the effectiveness of the implemented security controls.

Funding and Eligibility

The Cyber Improvement Grant offers up to €60,000 in total project costs, with 80% of the funding covered by the grant.

Applications are due by 8 December 2024, and projects funded under this scheme must be implemented and claimed by 30 June 2025.

This financial support will allow your business to implement high-impact cybersecurity improvements with minimal financial burden, covering essential costs for enhanced security infrastructure.

To qualify for the Cyber Improvement Grant, your business must have completed the Cyber Security Review, which provides a roadmap of critical security issues to address. By following this process, organisations ensure their improvement efforts are guided by expert analysis and aligned with industry best practices.

Services Covered by the Grant

The Cyber Improvement Grant covers a wide range of essential cybersecurity services, allowing your business to strengthen its defences comprehensively. Eligible actions include:

Procurement of Software/Licences: Obtain necessary cybersecurity tools, such as security patches, with new licences that address vulnerabilities and bolster defences.
Consultancy and Advisory Services: Enlist a cybersecurity expert to guide you in prioritising actions, comply to the relevant regulatory standards and selecting appropriate software.
Training of Staff: Invest in cybersecurity awareness training to ensure your team is equipped with the knowledge to protect the organisation.

Some of the specific services and improvements that could be funded include:

Establishing Governance: Define a clear cybersecurity strategy aligned with key business drivers and securing senior management’s commitment. This includes establishing roles, responsibilities, policies, and reporting mechanisms to support an effective cyber resilience programme.
Identifying Critical Assets: Map your core business objectives, products, and services to the supporting people, processes, technology, and data infrastructure. Assess the criticality of these elements, including supply chain partners , prioritising protection where it matters most.
Threat Identification and Understanding: Gain insights into who might target your organisation, why they might do so, and how they could carry out an attack.
Building Education and Awareness: Develop a comprehensive cybersecurity awareness programme that ensures all employees know how to recognise potential threats, and understand their role in defending against them.
Implementing Basic Protections: Secure your organisation’s technology infrastructure by deploying essential protections such as secure configuration, firewalls, anti-malware, remote access controls, and encryption.
Developing Detection Capabilities: Set up a security monitoring capability to identify suspicious activities. Depending on resources, this could range from basic alerts to a fully equipped Security Operations Centre (SOC) providing continuous monitoring across networks, systems, and endpoints.
Incident Response Preparedness: Form a dedicated cyber incident management team equipped with a documented response plan. Ensure the team undergoes regular training and annual testing to prepare for effective response to security incidents.
Adopting a Risk-Based Resilience Approach: Establish and test recovery plans (including robust backup strategies) for critical processes and technologies. This risk-based approach to resilience ensures the continuity of vital business functions in the event of a cyber incident.
Regular Testing and Challenge Exercises: Conduct crisis management exercises and phishing simulations to employees and executive management’s readiness to handle significant cyberattacks.
Establishing a Cyber Risk Management Lifecycle: Integrate continuous improvement into your cybersecurity framework by regularly assessing risk, reviewing policies, and testing for compliance with evolving regulations. This lifecycle approach ensures sustained progress in cyber resilience.

By utilising these services, your business can close the gaps identified in its Cyber Security Review and significantly reduce the risk of falling victim to cyberattacks.

Expected Outcomes

The Cyber Improvement Grant aims to help organisations implement critical defensive measures by adopting recommended cybersecurity strategies. Key outcomes include:

Improved Cybersecurity Posture: Addressing vulnerabilities identified during the review will greatly enhance your security capabilities, helping you protect against known threats and respond to emerging risks.
Compliance with Regulatory Requirements: Many industries are subject to strict data protection and cybersecurity regulations. This grant enables your business to meet these standards, reducing the risk of fines or legal issues from non-compliance.
Long-Term Risk Mitigation: Implementing advanced controls like multi-factor authentication, firewalls, and continuous threat monitoring provides lasting protection against cyberattacks.
Enhanced Incident Response Plans: With strong security policies in place, your business can prevent, detect, respond to, and mitigate cyber incidents. This reduces downtime and financial loss in the event of a breach.
Follow-Up Cybersecurity Assessment: After improvement efforts are complete, a further assessment validates your enhanced cybersecurity posture, confirming that all findings in the original assessment have been addressed.

For businesses that have completed a Cyber Security Review, the Cyber Improvement Grant represents a vital opportunity to take action on the insights gained. By implementing key recommendations and strengthening cybersecurity defences, your business can safeguard operations against cyberattacks, comply with regulations, and build a robust foundation for future growth.

With €60,000 in available funding, your business can implement comprehensive security improvements while only covering a fraction of the total cost. The combination of policy upgrades, security patches, enhanced threat detection, and continuous monitoring ensures that your organisation is well-protected from the increasingly complex cyber landscape.