Building Cyber Resilience in SMBs - Lessons From the Project Cyber Innovation Network

Small to medium-sized businesses (SMBs) form the backbone of Norway's economy. SMBs are defined as businesses or enterprises with fewer than 100 employees and constitute over 99 percent of Norway's active businesses. Consequently, SMBs frequently hold key positions within our society in sectors such as healthcare, telecommunications, and energy, as well as serving as suppliers for critical infrastructure. However, SMBs often don't have the resources to employ dedicated security staff or to outsource their cybersecurity needs. The project Cyber Innovation Network (CIN) aims to build cybersecurity competence in SMBs by creating a collaboration between industry, academia and research institutions. Our project shows that while these SMBs lack the know-how to protect against cyber threats, this type of collaboration can provide effective countermeasures in the ever-evolving threat landscape. The CIN project has received much positive feedback. This paper details our approach for teaching fundamental cybersecurity principles for SMBs. Furthermore, this paper also presents our approach, experiences, feedback received and lessons learned in building cybersecurity competence in SMBs.

Keywords: Cybersecurity, Small to medium-sized businesses, Security awareness, Resiliency, Employee training.