The EU’s New Cybersecurity Awareness Toolkit for SMEs

Introduction to Cybersecurity Challenges for SMEs 

In an era where vast amounts of digital information flow continuously through global networks, safeguarding trade secrets and bolstering cybersecurity have become essential for businesses of all sizes. I recently attended the webinar ‘Preventing Cyber-Theft of Trade Secrets: Awareness Toolkit for SMEs,’ which highlighted the European Union’s efforts—specifically through the European Innovation Council and SMEs Executive Agency (EISMEA)—to bolster SMEs’ cybersecurity practices. This article explores the key takeaways from this event.

Understanding Trade Secrets 

The webinar commenced with a definition of “trade secrets” from Article 2 of Directive (EU) 2016/943, describing them in part as confidential and inherently valuable business information due to their secrecy. 

The Rising Threat of Cyber Theft 

A significant increase in cyber theft has been noted in recent years, underscoring the value of intangible assets to cybercriminals. A pivotal statistic revealed that in 2018, 85% of SMEs saw themselves as too small to be targeted and only 21% had mandatory training in place to inform staff of their cybersecurity duties, highlighting a major gap in defence strategies. 

Recommendations Across the Board 

There were various recommendations for different stakeholders, some of which I have outlined below: 

  • European Commission and Agencies: Address supply chain vulnerabilities, set up training initiatives, develop a baseline risk assessment for European SMEs, create a list of open-source solutions for European cybersecurity certification, and include cyber insurance in the certification framework. 
  • National Authorities: Establish a cyber insurance public-private partnership, foster business-university collaborations for cybersecurity internships, provide SMEs with technical and financial support for EU cybersecurity certifications, continue cybersecurity awareness campaigns, and increase data collection on cybertheft. 
  • SMEs: Implement multifactor authentication, monitor sensitive information access, manage intellectual property, fortify network defences, conduct periodic asset mapping, engage employees in training, and introduce backup solutions. 
  • Trade Associations: Encourage members to verify confidential information under the legal definition of trade secrets and promote collaborative networks. 

Expert Insights 

Sebastiano Toffaletti from the European Digital SME Alliance discussed the growing threat of ransomware, especially for SMEs with small workforces, in particularly SMEs with 1-50 employees. He emphasized the vulnerabilities arising from inadequate cybersecurity measures, insufficient employee training, limited legal protections, and supply chain weaknesses. 

Two guidelines developed by Digital SME that should be of help to SMEs are; 


Paul Rikk from Milrem Robotics stressed the need for awareness and preparedness, recommending that SMEs allocate at least 20% of their IT budget to cybersecurity and prioritize data classification to prioritize the protection of certain data over others. He pointed out that the thief is looking for innovative solutions. 

Introduction to the Toolkit 

As the webinar concluded, it introduced a forthcoming toolkit, spotlighting three key tools contained within and the foundational training for SMEs to avail of. The 3 tools took the following format; 

  1. 10 GUIDELINES: A comprehensive list including strategic risk identification, trade secret assessment, supply chain analysis, governance definition, and more. 
  1. KNOW WHY: Understanding criminal motivations, assessing organizational impact, and preventive measures against cyber theft. 
  1. Sector-Specific Case Studies: Detailed case studies from the perspective of a threat actor, tailored to various industry sectors. 

The toolkit features engaging cybersecurity superhero characters with creative titles like Your Personal Coach, The Information Inspector, The Cyber Angel, and The Trade Secret Doctor, designed to make the toolkit more enjoyable and accessible.

Available Resources and Training 

The toolkit will include training materials in various formats to help SMEs enhance their cybersecurity understanding and practices. These materials, along with the toolkit, are set to be available on the Commission’s and EUIPO’s website by July.