Apply Now: Business Cybersecurity Program 2025 (Spain)

The digital transformation of Basque companies and their connectivity needs have demonstrated that cybersecurity is an essential tool for being increasingly better prepared against different types of cyberattacks and having the necessary resources to guarantee the security of their data and processes against these threats.

Cybersecurity specialists estimate that in the coming years there will be an exponential increase in cybersecurity incidents caused by organizations’ increased exposure to network connections. This dependence on connectivity is a consequence of the digital transformation they are experiencing, so it is essential to ensure that there are no cybersecurity weaknesses that can be exploited by hackers, for example, in the supply chain or other elements essential to their competitiveness.

For these reasons, and with the aim of ensuring the cybersecurity and competitiveness of the Basque business community, the Business Cybersecurity Program offers non-repayable grants.

What does it offer you?

• Up to 23,000 euros per company
  • Non-repayable aid of up to 50% of the project, with a maximum of €23,000 per company, to promote projects that contribute to increasing the company’s cybersecurity level.
• The call is extended to all Basque companies NEW!
  • Starting in 2024, all companies located in the Basque Country and registered with the Basque Country’s IAE (Taxpayer’s Income Tax) can access aid to improve their cybersecurity.
• Offers comprehensive cybersecurity support
  • From consulting services from external companies specializing in cybersecurity to staff training in the field of cybersecurity.
• Focuses on ensuring privacy in all aspects
  • The goal is to secure strategic or sensitive information, such as data or intellectual property. From corporate network architecture, remote access, and electronic device security, they aim to protect the company’s most important strategic information.

Eligible Projects

• Comprehensive support for corporate cybersecurity projects, ranging from consulting to investments in hardware and software.
  • IT/OT network segmentation
    • Convergence and integration of cyberattack protection systems for IT/OT (Information Technology/Operational Technology) environments. Design and implementation of secure architectures and, where appropriate, implementation of enterprise network segmentation.
  • Securing OT remote access
    • Ensure access to IT equipment required for maintenance, monitoring, and management, which are increasingly performed remotely.
  • Cybersecurity audits and attack simulations
    • Audits and simulations of attacks by individuals outside the organization and audits of internal profiles with different levels of access to company data.
  • Cybersecurity assessment of electronic devices
    • Cybersecurity assessment and certification of local and remote devices.
  • Staff Awareness and Training
    • Actions to raise awareness or train the company’s workforce in the field of cybersecurity.
  • Diagnosis of the current situation and personalized action plan
    • Assess the company’s current cybersecurity situation and develop an action plan to improve it. Conduct risk and vulnerability analysis. Inventory of the various elements in a critical system. Conduct a penetration test. Analyze web application vulnerabilities. Audit wireless communications.
  • Replication of CPDs
    • Adoption of cybersecurity policies related to Disaster Recovery or Contingency Plans, as well as high-availability scenarios aimed at ensuring business continuity in any company.
  • Cybersecurity standards and regulations
    • Adoption of best practices and certification processes related to obtaining and complying with various cybersecurity standards (e.g., IEC 62443, TISAX, or equivalent) or other widely recognized cybersecurity management standards (e.g., ISO 27001, CAB, or equivalent), as well as mandatory regulations or laws in force. Adaptation to compliance with the National Security Framework (Royal Decree 3/2010), the PIC Regulation (Royal Decree 704/2011), NIS2, DORA, and CRA. Continuous improvement of the cybersecurity management process through the deployment of specific measures or the evolution of these measures to higher levels of maturity than those previously in place.
  • Protection of strategic or sensitive information
    • Measures to protect strategic or sensitive information, such as intellectual property, R&D&I strategies, building or product design plans, information affected by the GDPR, or any other information directly related to the competitiveness and sustainability of the business (examples of measures: storage encryption, access control, copy distribution control, secure deletion, etc.).
  • Monitoring of Perimeter Security Devices
    • Monitoring projects for perimeter security devices and other devices such as switches, probes, appliances, firewalls, PLCs, EDRs, etc.
  • Other cybersecurity projects
    • Other projects that significantly increase companies’ cybersecurity levels and reduce risk and vulnerability to various types of attacks.

Who is it for?

• For all Basque companies that want to increase their level of cybersecurity to compete in a global and digitalized market
  • That require the support and advice of an external specialized company to perform consulting and/or engineering work for the cybersecurity improvement project.
  • They want to invest in improving their workforce’s cybersecurity skills and provide the right tools to ensure the security of the company’s most important information.

For more information, visit SPRI.