Effective models for start-ups on NIS

Recommendations
Christina Skouloudi| Officer in NIS | ENISA
Validation Workshop | Brussels | 10th November
European Union Agency for Network and Information Security
Target audience of recommendations

• Recommendations for EU Policy Makers

• Recommendations for National Policy Makers
• Recommendations for NIS Industry

Effective models for start-ups on NIS - Recommendations | ENISA 2

Recommendations

EU Policy Makers National Policy Makers

NIS Industry

Effective models for start-ups on NIS - Recommendations | ENISA 3

Recommendations for EU Policy Makers 1/2

1. Adapt the public-sector procurement process to facilitate

access for NIS start-ups at EU level
2. Establish EU-wide trusted cybersecurity labels or
certifications for NIS products & services.
3. Create a European cluster specialized in cybersecurity to
develop the attractiveness of the EU for innovative NIS start-
ups.
4. Align EU funding mechanism to NIS start-ups ecosystem
needs
5. Build up all skills of the cybersecurity ecosystem

Effective models for start-ups on NIS - Recommendations | ENISA 4

Recommendations for EU Policy Makers 2/2

6. Further build the regulatory framework of the NIS sector to increase

awareness and demand for NIS products and services and continue
harmonisation of existing national framework at the EU level
7. Pursue simplification of administrative tasks for start-ups creation
8. Build a EU stock exchange market for technologies
9. Encourage the creation of industrial research chairs in universities
aiming at bridging research subjects and market expectations to
foster the creation of solutions adapted to market needs.
10.Communicate on NIS start-up success stories in the EU to increase
attractiveness for investors of the cybersecurity domain.

Effective models for start-ups on NIS - Recommendations | ENISA 5

#1 Adapt the public-sector procurement
process to facilitate access for NIS start-ups at
EU level

Encourage the selection of start-ups in tendering processes by

introducing a procurement policy such as a European “Small
Business Act” which would set different incentive measures on
the public-sector market to favour SMEs.

Effective models for start-ups on NIS - Recommendations | ENISA 6

#2 Establish EU-wide trusted cybersecurity labels or
certifications for NIS products & services

• build trust for customers within the EU and provide a stamp of

approval for international markets that other regions do not have.
• alleviate market fragmentation nowadays reinforced by existing
national certification schemes
• certification or qualification process shall be light-touch to favour
wide acceptance by start-ups
• Compliance assessment could be achieved through by mutual
recognition by peer organisations in the EU
• assessment shall consider existing national initiatives and allow trust
between national schemes and EU schemes

Effective models for start-ups on NIS - Recommendations | ENISA 7

#3 Create a European cluster specialized in
cybersecurity to develop the attractiveness of
the EU for innovative NIS start-ups
• establish a European hub specialised in cybersecurity to allow
start-ups to create common products and to meet with large
companies and other stakeholders
• set up a mentorship platform for this cluster that will facilitate
and recommend matchmaking of start-ups with mentors to
facilitate knowledge and how-to

Effective models for start-ups on NIS - Recommendations | ENISA 8

#4 Align EU funding mechanism to NIS
start-ups ecosystem needs
Create new funding programmes specific to start-ups and adapted to their needs.

Adapt funding mechanism rules to allow large companies to have tax credit or funding
when developing Proof of Concept with NIS start-ups.

Continue the funding of business development profiles (funding and recruitment) to

support NIS start-ups in their development.

Increase communication towards the NIS start-ups ecosystem around EU funding

mechanisms, partner with incubators and accelerators to promote this type of funding
to their network.

Simplify access to EU funding.

Increase funding for cybersecurity start-ups especially through specific prizes or

awards.

Communicate and publicise the mechanisms which allow a second chance in case of
bankruptcy more effectively as many stakeholders of the ecosystem do not know this
option exists.
Effective models for start-ups on NIS - Recommendations | ENISA 9
#5 Build up all skills of the cybersecurity
ecosystem

• attract cybersecurity talents from the entire world and keep

EU-born talents by valuing their skills and achievements and
facilitating access to the EU for skilled talents with initiatives
such as the “European Blue Card”.
• start a training programme targeted at investors and B2B
clients on cybersecurity to better evaluate and choose product
or services.

Effective models for start-ups on NIS - Recommendations | ENISA 10

#6 Further build the regulatory framework of the NIS
sector to increase awareness and demand for NIS products
and services and continue harmonisation of existing
national framework at the EU level
• build a map of member-state specific regulations across the
EU that may cause market access difficulties
• develop EU policies to support, increase and harmonise
cybersecurity awareness across countries at all levels: citizens,
professionals (customers) and policy makers.
• develop security by design standards in emerging technologies
• integrate cybersecurity criteria to obtain EU label to ensure
cybersecurity is considered for all EU products and services
(e.g. ensure CE marking for general goods reflects a certain level of cybersecurity)

Effective models for start-ups on NIS - Recommendations | ENISA 11

#7 Pursue simplification of administrative
tasks for start-ups creation

• Simplify all administrative procedures and reduce paperwork

requirements e.g. allow digital signatures
• Participate in the harmonisation of laws impacting start-up
creation and tax management in Europe
• Encourage the single European legal company statute

Effective models for start-ups on NIS - Recommendations | ENISA 12

#8 Build a EU stock exchange market
for technologies

Build a EU stock exchange market for technologies (on

the model for the NASDAQ) to make technological
companies more attractive and more visible to
investors.

Effective models for start-ups on NIS - Recommendations | ENISA 13

#9 Encourage the creation of industrial
research chairs in universities

Encourage the creation of industrial research chairs in

universities aiming at bridging research subjects and
market expectations to foster the creation of solutions
adapted to market needs.

Effective models for start-ups on NIS - Recommendations | ENISA 14

#10 Communicate on NIS start-up
success stories in the EU

Communicate on NIS start-up success stories in the EU

to increase attractiveness for investors of the
cybersecurity domain.

Effective models for start-ups on NIS - Recommendations | ENISA 15

Recommendations for National Policy
Makers
1. Encourage the creation of industrial research chairs in universities aiming at bridging
research subjects and market expectations to foster the creation of solutions adapted to
market needs.

2. Adapt public-sector procurement policy at member-state level to favour NIS start-ups

3. Promote NIS training and cybersecurity educational paths to increase the number of
cybersecurity experts. Promote the development of business and entrepreneurial skills

4. Increase collaboration between all NIS ecosystem stakeholders at member-state level

5. Create or develop incentives measures for investing in NIS products and services

6. Communicate on NIS start-up success stories in the EU to increase attractiveness for

investors of the cybersecurity domain

7. Organise study tour for foreign countries to show member-state NIS start-ups know-how
and presence or finance the sales representation of member-state NIS start-ups in foreign
events.

Effective models for start-ups on NIS - Recommendations | ENISA 16

Encourage the creation of industrial
research chairs in universities

Encourage the creation of industrial research chairs in

universities aiming at bridging research subjects and
market expectations to foster the creation of solutions
adapted to market needs

Effective models for start-ups on NIS - Recommendations | ENISA 17

Adapt public-sector procurement policy
at member-state level to favour NIS
start-ups

Encourage the selection of start-ups in tendering processes by

introducing a procurement policy such as a European “Small
Business Act” which would set different incentive measures on
the public-sector market to favour SMEs.

Effective models for start-ups on NIS - Recommendations | ENISA 18

#1 Promote NIS training and cybersecurity
educational paths to increase the number
of cybersecurity experts
Promote the development of business and entrepreneurial skills
• encourage students to have a work experience in entrepreneurship
and/or innovation, promote internships in start-ups.
• develop cybersecurity awareness and culture towards citizens
• reinforce university level qualifications for a new NIS workforce,
with a new emphasis on security as a basic computer science
• bring cybersecurity education at school level on the need for
cybersecurity in using ICT devices and in writing software
• encourage vocational retraining in cybersecurity in member-state
employment agency
• build and reinforce dedicated cybersecurity vocational training

Effective models for start-ups on NIS - Recommendations | ENISA 19

#2 Increase collaboration between all NIS
ecosystem stakeholders at member-state
level
• Develop a collaborative innovation platform to connect private
industries and start-ups present in the same geographic area
• Develop more national clusters dedicated to cybersecurity to
increase innovation, attractivity and exit strategy inside the EU
by gathering on a given geographic territory, large enterprise,
SMEs and start-ups, research labs and educational institution
(university).
• Assign a government liaise who will ensure the link between
cross-national clusters at the EU level on cybersecurity topics.

Effective models for start-ups on NIS - Recommendations | ENISA 20

#3 Create or develop incentives measures
for investing in NIS products and services

• Foster the creation of R&D tax incentives in all European

countries which gives tax credit when investing on innovation
• Create a label for innovative cybersecurity start-ups which will
allow investors to benefit from incentive measures such as tax
exemption when investing on such companies
• Create tax incentives (such as tax credit or tax exemption)
when investing on NIS products and services

Effective models for start-ups on NIS - Recommendations | ENISA 21

#4 Communicate on NIS start-up
success stories in the EU

Communicate on NIS start-up success stories in the EU

to increase attractiveness for investors of the
cybersecurity domain.

Effective models for start-ups on NIS - Recommendations | ENISA 22

#5 Organise study tour for foreign
countries

Organise study tour for foreign countries to show

member-state NIS start-ups know-how and presence or
finance the sales representation of member-state NIS
start-ups in foreign events.

Effective models for start-ups on NIS - Recommendations | ENISA 23

Recommendations for the NIS
Industry
1. Facilitate in large companies the buying of NIS products and
services
2. For large companies, increase investments in NIS start-ups
3. Increase cybersecurity skills in large companies
4. For the NIS industry, foster the meeting of different NIS start-ups
through gatherings and events to give them the opportunity to
create joint offers for a stronger impact and to meet with the NIS
ecosystem: investors, customers.
5. Push for standardization and certification for NIS services and
products
6. Build more EU incubators/accelerators specialised in sales and
marketing for the cybersecurity sector

Effective models for start-ups on NIS - Recommendations | ENISA 24

#1 Facilitate in large companies the
buying of NIS products and services
• Increase NIS market knowledge for buyers (procurement department or potential
customers) by providing them with cybersecurity market benchmarks, reports &
case studies to improve the knowledge of start-ups from the NIS ecosystem as well
as increase demand for NIS products or services by raising awareness within
industry.

• Raise awareness of the procurement teams, in large companies, so that they

understand benefits of having start-ups products and/or services in their companies

• Increase networking events specific to cybersecurity to connect start-ups, investors

and customers.

• Adapt the procurement process of large companies to facilitate access for NIS start-
ups. For small contracts from 50 to 100k€, large companies should adapt
administrative requirements in bidding process to allow start-ups to be selected and
contracted.

Effective models for start-ups on NIS - Recommendations | ENISA 25

#2 For large companies, increase
investments in NIS start-ups

• Private industries could develop and create corporate funds for non-
industrial sectors (as cybersecurity can be applied to sectors such as
health and environment), to allow joint funds to support innovation
in transversal sectors such as the NIS sector.
• Adopt corporate open innovation approach to support start-ups
development through various means: coaching, provision of
material of human resources, feasibility study, etc.
• Consider buying NIS start-up companies as part of the company
strategy.
• Have NIS start-ups to perform Proof of Concepts in the premises.

Effective models for start-ups on NIS - Recommendations | ENISA 26

#3 Increase cybersecurity skills in large
companies

• Attract cybersecurity talents from the whole world and keep

EU-born talents by supporting initiatives to attract
international talents, for example, for “WonderLeon” the
recruitment platform from the FrenchTech aiming at being
EuropeanTech.
• Create cybersecurity courses and training plans for employees.
• Encourage professional retraining in cybersecurity.

Effective models for start-ups on NIS - Recommendations | ENISA 27

#4 Foster the meeting of different NIS
start-ups through gatherings and events

For the NIS industry, foster the meeting of different NIS start-
ups through gatherings and events to give them the
opportunity to create joint offers for a stronger impact (in
relation to the geographical presence or scope of the offer for
example) and to meet with the NIS ecosystem: investors,
customers.

Effective models for start-ups on NIS - Recommendations | ENISA 28

#5 Push for standardization and
certification for NIS services and products

• push for standards, first at EU level, with ETSI being involved,

and ultimately for global standards with the IEC and ISO for
both services and products.
• push for harmonised certification across all Member States,
i.e. certification in one Member State would be valid across
the EU, and promote EU-level labelling with the certification.

Effective models for start-ups on NIS - Recommendations | ENISA 29

#6 Build more EU incubators/accelerators
specialised in sales and marketing for the
cybersecurity sector
• Support start-up founders in developing their sales and
marketing skills. Provide training and resources to improve
their ability in giving pitches, explaining the solution proposed
to non-technical interlocutors, running business development
workshops and driving business development from national
presence to EU or international presence.
• National incubators and accelerators could be complemented
by a EU level of activities, to favour the cross-border
development of the start-ups through a cross-countries
network.

Effective models for start-ups on NIS - Recommendations | ENISA 30

Thank you
PO Box 1309, 710 01 Heraklion, Greece

Tel: +30 28 14 40 9710

[email protected]
[email protected]

www.enisa.europa.eu