CARNET’s NKS Announces a Tender Worth 1.97 Million Euros

Cybersecurity is today one of the main prerequisites for the growth and competitiveness of small and medium-sized enterprises. Increasingly sophisticated threats and stricter European regulations, particularly the NIS2 directive, present entrepreneurs with the challenge of aligning internal processes and investing in security solutions.

Investment in cybersecurity not only provides protection but also significant financial returns for micro, small, and medium-sized enterprises. Return on investment (ROI) analyses show that investments in security measures such as backup strategies and multifactor authentication can yield returns of 300 to even 400 percent, through reduced financial risks and damage prevention.

For example, implementing backups and business continuity planning (BCP) can reduce expected damages by hundreds of thousands of euros, achieving an ROI of +329 percent. At a time when financial damage from cyberattacks on small and medium-sized companies in Europe is increasing by more than 50 percent annually, investing in security pays off multiple times.

This is precisely why the Croatian Academic and Research Network – CARNET, specifically the National Coordination Center for Industry, Technology, and Research in the field of cybersecurity (NKS), has announced the first tender aimed at improving cybersecurity in Croatia, worth 1.97 million euros.

The tender is being conducted within a project funded by the Digital Europe program and is intended for micro, small, and medium-sized enterprises (SMEs), which can obtain non-repayable funds through this project for improving internal security processes, employee training, system certification, security testing, and self-assessment of cybersecurity. Projects are financed at a rate of up to 50 percent of eligible costs, with support ranging from 7,500 to 60,000 euros, while the total project value can be between 15,000 and 120,000 euros.

Still not sure if you need such an investment? A survey conducted in 2024 by CARNET – NKS in collaboration with HKG and HUP shows that 43 percent of respondents have experienced some form of cyber incident, and 51 percent believe that the likelihood of this occurring in the near future is very high. Considering that a cyberattack can cause significant financial or reputational damage with long-term consequences for business, it is expected that companies will prepare for this. However, most companies still do not have allocated internal budgets for security. For Croatia, as a small and export-oriented economy, this represents a serious risk, as international partners increasingly demand high security protocols and proof of certifications.

Data from CARNET’s National CERT further confirms the seriousness of the situation: in 2024 alone, 1,113 incidents were recorded, with phishing remaining the most common form of attack, i.e., attempts to extract passwords, payment information, or business information. Such attacks particularly affect SMEs as they often lack developed internal security capacities. The consequences can be data loss, difficulties in entering supply chains, export barriers, and reduced customer trust. This is an alarm for urgent strengthening of resilience, investment, and education in the field of security.

– Financial support comes at a time when companies face significant regulatory requirements, and cyber threats are becoming increasingly complex. SMEs now have the opportunity to strengthen the digital resilience of their organizations through concrete projects – emphasized Vlatka Marčan, Assistant Director of CARNET for the National Coordination Center (NKS).

The tender is aimed at improving the cybersecurity of small and medium-sized enterprises, with full compliance with the legislative framework.

Who can apply and how?

All micro, small, and medium-sized enterprises, regardless of their activity, can apply for the tender. Funding can be requested for projects that include the following:

– self-assessment of cybersecurity or certification and alignment of business security systems according to international standards,

– employee training, various types of security testing (such as penetration tests and vulnerability assessments, to incident response simulations).

Each application must include at least one activity from at least two of these three listed groups, ensuring a combination of improving business processes in the cybersecurity segment, raising awareness, and testing the resilience of the enterprise.

The application deadline is November 21, 2025, at 5 PM. Upon signing the contract, pre-financing of up to 50% of the approved funds is planned, and projects can last up to 12 months. Questions can be sent to [email protected] no later than 14 days before the application deadline, and detailed documentation is available at www.nks.hr/poziv

The call will be presented on September 30 at an informational webinar, and regional events dedicated to this topic are also announced – in Pula on October 2, in Osijek from October 8 to 10, in Split on October 23, and a meeting in Varaždin is also planned.