Call for MSMEs: Cybersecurity Training & Technical Assistance (Bosnia and Herzegovina)

In light of Bosnia and Herzegovina’s increasing reliance on information and communication technologies (ICTs), cybersecurity emerges as a critical concern impacting various sectors of society. The inadequacy of localized responses to these threats underscores the necessity for international cooperation and the development of robust cybersecurity frameworks.

This public call is open to all SMEs from Bosnia and Herzegovina who fulfill the required criteria and have demonstrated interest to participate in the training programme and technical assistance envisaged under this Public Call.

The aim of the programme is to assist SMEs in strengthening their cyber-security resilience. This includes enhancing their understanding of cyber threats and the severe consequences of inadequate resilience, while equipping participants with practical knowledge and skills to build robust defense mechanisms. During the programme, participants will have the opportunity to work with trained local cyber security experts, conducting practical analysis of their companies’ cyber security posture. By fostering cyber security awareness and providing hands-on strategies, SMEs will be better equipped to safeguard their operations and reduce potential cyber security risks.

Call Lots

• This Public Call encompasses two lots that companies can apply to:
  • Lot 1: Fundamentals Cyber Security Training
    • Training on Cyber Resilience for Small and Medium-sized Enterprises: Fundamentals and Practical Strategies;
    • This training will provide an introduction to cybersecurity and data privacy, covering fundamental concepts. It will address common threats faced by companies, including typical cyber-attacks like phishing, ransomware, and social engineering, as well as those specific to SMEs based on experiences from Czech and EU companies. Participants will learn about the development of cyber-attacks, how to recognize threats, and essential rules for protection, but also conduct SMEs’ cybersecurity risk assessments and analysis with support of local cyber security experts, producing security recommendations;
    • Each SME will have 2 participants: one in a managerial (decision-maker) role and one internal tech (IT) specialist;
    • The expected training duration is 2 days. On the first day, participation is expected from both management and tech specialist roles. On the second day, only the presence of the tech specialist is anticipated.
  • Lot 2: Intermediate Cyber Security Training
    • Business Cyber Defender Training;
    • Training will comprehensively cover essential cybersecurity practices, including proper document backup procedures, secure remote access setups, and other necessary tools to safeguard SMEs’ networks, systems, and data. It aims to empower participants in assuming the role of “Business Cyber Defender” within their companies. This includes enhancing their ability to identify cybersecurity risks and propose mitigation measures. Additionally, the training will focus on equipping them with skills to effectively communicate cybersecurity basics to their colleagues;
    • Each SME will have 1 participant, a SME internal tech (IT) specialist;
    • The expected training duration is 2 days.
• The training programme is designed to equip participants with the materials, concepts, and understanding necessary to address the complex cybersecurity issues faced by SMEs. To fully comprehend these complexities, participants are expected to engage in further reading and practice both during and after the training.
• After the training, selected SMEs will be provided with the opportunity to receive tailored technical assistance, offering high-level expertise to identify key risks in their business and take necessary preemptive actions to enhance overall cybersecurity. The selection will be based on their demonstrated motivation, involvement in conducting a cybersecurity maturity assessment, and readiness to commit resources to fully utilize the technical assistance. This assistance will be delivered online using relevant digital communication tools and channels.
• Note: Interested companies need to choose and apply to only one of the two available lots.
• The following results are expected through the implementation of this Public Call:
  • Up to 15 SMEs from various industries have improved cyber security awareness and acquired cyber security fundamentals;
  • Up to 15 SMEs from various industries have increased their internal capacities to Business Cyber Defender level;
  • Up to 8 SMEs have received technical assistance, identified the main risks in their business, and undertaken the necessary preemptive actions to improve the overall cyber security.

Eligibility Criteria

• Eligible SMEs for support under this Public Call are legal entities as follows:
  • Registered as a business entity – d.o.o. (proof: a copy of the registration of a company);
  • Registered on the territory of BiH (proof:  copy of latest company registration);
  • Have accrued profit in 2023 (proof: 2023 financial statement provided);
  • Have more than 9 and fewer than 250 employees on the date of the publication of this Public Call (proof: 2023 financial statement provided);
  • The company representatives are expected to be in good command of English language;
  • The Internal Tech Specialist representing the SME is expected to possess a strong technical background (proof: CV of an internal tech specialist);
  • The owner or responsible person does not hold a public office position or is employed in government institutions.

For more information, visit UNDP.