NCC-IE Cyber Security Improvement Grant

Minimum Support: €20,000

Maximum Support: €60,000

Self-financing: 20%

Total amount of aid: €2,000,000

Status: Open

The National Cybersecurity Coordination and Development Centre, NCC-IE, is offering support to Irish small and medium companies to implement changes in their IT systems and practices to increase their cybersecurity and therefore help protect their businesses form cyberattacks. The NCC-IE Cyber Security Improvement Grant is open to companies who have received a Cyber Security Report as a result of carrying out the Enterprise Ireland Cyber Security Review.

The grant is co-funded by the Digital Europe Programme.

What is provided?

• Funding of 80% of the project cost to:
• Implement priority recommendations from the Cyber Security Review.
• Provide guidance on ongoing cybersecurity and future improvements.
• Re-test your company’s cyber security level post-implementation.
• The delivery of a report confirming actions undertaken by the consultant, follow-on steps for you to undertake and recommendations for ongoing cybersecurity.
• The report will also demonstrate how your company’s cybersecurity has increased from before you undertook the Enterprise Ireland Cyber Security Review, to now.

Who is it for?

• Companies looking to increase the cybersecurity of their IT systems, their operations, their staff and their administration.
• Small and medium enterprises registered in Ireland and owned and controlled in Europe.
• You must have undertaken the Enterprise Ireland Cyber Security Review first.

What is included?

The Enterprise Ireland Cyber Security Review provides an improvement plan for companies to implement. Some actions will need to be done by a cyber security expert, who can help you decide on what actions to do first, what software you need to purchase, and what licences you should buy.

The below is a non-exhaustive list of actions that could be covered by the NCC-IE Cyber Security Improvement Grant:

1. Implementation of network segmentation
2. Creating a management network to manage servers, IP phones and other devices
3. Implementing/upgrading firewall management and rules
4. Implementation of an inventory policy
5. Implementation of a security patch policy
6. Acquiring new licences for security patches
7. Provision of cybersecurity awareness training for staff

** See our 12 Steps to Cyber Security for guidance on actions which can be undertaken to improve cyber resilience.

Once the agreed actions have been done, the consultant will conduct another cyber security review, to determine your new risk level.

What are the expected Outcomes?

The expected outcome for each company using the NCC-IE Cyber Security Improvement Grant is a demonstrated increase in cybersecurity, and a reduced risk of attack.

Who can carry out the work?

There is no published list of approved experts related to this offer. It is the responsibility of the client company to identify and engage a suitable cyber security expert for the project. Applicants must follow public procurement rules when engaging the services of a provider with appropriate expertise, capability and certification.

NCSC will not be liable for any loss and/or damage caused by an applicant’s decision to retain the services of a consultant in connection with this grant offer.

Cybersecurity experts engaged for this grant support may not be employees of, nor shareholders of, nor have a direct financial interest in the company, or contractual relationship with the company as their IT technology or services provider.

As part of the application assessment process, NCSC may deem the proposed consultant unsuitable based on these or any other criteria that may arise and will engage with the applicant to discuss other options or deem the project ineligible. Please note that this is to ensure the efficient operation of the grant and does not guarantee the quality of the specific consultant you have chosen.

Who can apply?

Eligible companies are client companies of Enterprise Ireland with an assigned Development Advisor who have completed the Enterprise Ireland Cyber Security Review.

Only one Cyber Security Improvement grant can be approved per company (or group of companies).

How can I apply?

Applications open on 8th October 2024 and close at midnight on 8th December 2024. All requested documentation must be submitted by this date in order to be assessed.

Applicants can download and complete the application form here.

Applicants must submit the completed application form and supporting documents by email to ncc-ncsc@ncsc.gov.ie. The supporting documents required are:

1. Enterprise Ireland Cyber Security Review Letter of Offer.
2. A copy of the Cyber Security Report.
3. A Statement of Proposed Works.
4. Quote(s) from a cyber security consultant/service provider.

Once your application is accepted and approved you will receive a letter of offer. Following the instructions in this letter (e.g. The completed report, plus your proof of payment to the consultant) will allow you to claim 80% (up to €60,000) of the money back.

Further Application Details

• One Grant per company.
• Minimum project cost is €25,000.
• As part of the application, you will need your CRO number.
• The Grant is only valid for costs incurred after your application is approved.
• Closing date: 8th December 2024 This is subject to budget availability under DEP project 101127902 – NCC-IE. If there is additional budget remaining after the closing date of 8th December 2024, a second round of applications will be invited.
• The task breakdown should be agreed by the applicant and the chosen service provider and may vary depending on the needs. Note that NCSC will review all applications and reject those that are not in line with the objectives of the offer.

The application process is as follows:

• Applications are submitted between 8.10.2024 and 8.12.2024
• Application review: 1-2 weeks processing time after closing date
• Decision made and application approved/rejected
• If approved, Grant Letter of Offer is issued and accepted via DocuSign
• Project carried out with consultant
• Consultant invoices company
• Company makes a claim to NCSC by submitting the correct documents.
• All claims must be submitted by 30th June 2025
• Company is reimbursed
• Company publicises the Cyber Security Improvement Grant project, including in any text produced ‘the project is supported by the National Cybersecurity Coordination and Development Centre, Ireland, and is co-financed by the European Union’

Further information/Contact

If you need assistance, contact the NCC-IE at ncc-ncsc@ncsc.gov.ie.