Objectives of the Scheme
Through the Scheme, businesses can enhance their level of security and resilience against cyber threats, assess their current situation, and obtain certification in cybersecurity (ISO/IEC 27001:2013 or ISO/IEC 27001:2022).
The certification will be issued by accredited bodies and will confirm the business’s compliance with the NCC-CY Cybersecurity Framework for SMEs.
Beneficiaries
The beneficiaries of the Scheme are Small and Medium-sized Enterprises (SMEs) active in the tourism sector, which have:
- A Hotel Business Operating License, or
- A Travel Agency Operating License, in accordance with applicable Cypriot legislation.
Businesses must be legally established and operating in areas controlled by the Republic of Cyprus.
Grant
- Aid intensity: 70% of eligible costs
- Minimum funding per project: €20,000
- Maximum Funding: €65,000
(or €75,000 in case of using the ENISA AR-in-a-Box tool)
- Total Project Budget: €1,000,000
The duration of each project is up to 9 months.
Eligible Expenses
Expenses must be related to obtaining cybersecurity certification and may include:
- Gap analysis
- Consulting services and staff training
- Firewall, WAF, SOC, antivirus, backup and disaster recovery solutions
- Access management and security incident management systems
- Cybersecurity and data protection policy design services
- Certification costs from accredited bodies
Ineligible Expenses
Expenses not directly related to obtaining certification or strengthening the cybersecurity of the business are not considered eligible under the Scheme.
For example, the following categories are not eligible:
- Salaries or wages of the enterprise’s own staff or contractors.
- General operating expenses, such as rent, utilities, telecommunications, or transportation.
- Equipment costs not directly related to cybersecurity (e.g., general-purpose computers, printers, mobile phones).
- Expenses incurred prior to the date of submission and approval of the proposal.
- Expenses for non-accredited services or suppliers that do not meet the requirements of the Plan.
- Expenses incurred after the date of submission and approval