NCC-IS Cybersecurity Grant


Target group:
Small and Medium-sized Enterprises (SMEs), and public organisations.


Objectives:
Applicants can apply for a grant to enhance their cybersecurity.


Deadline:

Next deadline is 17 March 2025, at 15:00 GMT 

The application deadline is once to twice a year.

IS

What is funded?

Eligible projects tasks must fall under the following categories related to cybersecurity:

  • strengthening cybersecurity culture and awareness,

  • efficient education, research and development,

  • secure digital services and innovation,

  • stronger law enforcement, defense and national security,

  • effective response to incidents, and

  • strong infrastructure, technology and legal framework.

Who can apply?

Small and medium-sized enterprises (SMEs) according to the EU definition as well as public organisations:

  • Medium-sized companies: Fewer than 250 employees and an annual turnover not exceeding 50 million euros or a balance sheet not exceeding 43 million euros.
  • Small companies: Fewer than 50 employees and an annual turnover or balance sheet not exceeding 10 million euros.
  • Micro-enterprises: Fewer than 10 employees and an annual turnover or balance sheet not exceeding 2 million euros.

How to apply?

Applications to the fund are submitted using Rannís' electronic application system.

The evaluation and allocation process

Rannís‘ expert panel evaluates applications and gives grades according to a rating scale. The NCC-IS Board is then given the ranking of the applications and makes a decision on grants. The Minister of Infrastructure confirms the decision on allocation based on the list from the NCC-IS Board.

The following factors are used as a basis for evaluating applications:

  1. Impact and novelty of the project.
  2. Quality and efficiency.
  3. Project management.
  4. Staff training, cooperation, and whether the applicant falls under the definition of critical infrastructure.

All applicants will be notified whether or not they have received a grant. It is assumed that the notification of allocation is published on Rannís internal website no more than six weeks after the application deadline ends.

If a grant is awarded, a written agreement is made between Rannís and the beneficiary within one month of the grant being awarded. The grant is paid in two installments and is deposited into the bank account of the beneficiary concerned: The first payment process (80%) is initiated after signing the contract. The final payment process (20%) is initiated after the final report has been submitted and approved, and a presentation of the project has been delivered. However, grants under one million ISK can be paid out in a single installment.

Eligibility:

In order for an application to be considered eligible for funding, the project's connection to the cybersecurity grant's goals must be clear. The project and its time schedule must be well defined.

Administration and reporting

The beneficiary is required to submit a final report to Rannís by August 20, 2025. The final report should provide a comprehensive summary of the project's key results and outcomes. The final report application form will be made available on the Rannis electronic application system.

The beneficiary is required to present the project results for which funding was received. Additionally, publication of the results in other venues, such as newspaper or magazine articles, company websites, or posters, is encouraged.

Board and expert panel

The NCC-IS Board of Directors is made up of six individuals for a two-year term. In 2024, the Board is made up of the following individuals;

  • Jón Vilberg Guðjónsson (male), Director General of Administration at the Ministry of Higher Education, Science and Innovation
  • Sigurður Óli Sigurðsson (male), Head of Research and Innovation Division, Rannís
  • Ólafur Eysteinn Sigurjónsson (male), Board member of Auðna
  • Sigurður Magnús Garðarsson (male), Dean of the School of Engineering and Natural Sciences, University of Iceland
  • Bryndís Björk Ásgeirsdóttir (female), Acting Dean of the School of Technology, Reykjavík University
  • Hrafnkell V. Gíslason (male), Managing Director, the Electronic Communications Office of Iceland (ECOI)

The expert panel consists of five individuals with expert knowledge in cybersecurity:

  • Bryndís Bjarnadóttir, cybersecurity expert at CERT-IS
  • Hákon Aakerlund, Chief Security Officer at Arion Banki
  • Kristinn Guðjónsson, Senior Staff Security Engineer at Shopify
  • Theodór R. Gíslason, Chairman of the expert panel, CTO and Head of Innovation at Syndis
  • Tinna Harðardóttir, IT Manager at Innnes
  • Tinna Þuríður Sigurðardóttir, Senior Analyst at the European Center of Excellence for Countering Hybrid Threats

The expert panel consists of six individuals with expert knowledge in cybersecurity.

Role of Rannís:

The Icelandic Centre for Research (Rannís) manages the fund in collaboration with NCC-IS and oversees the review and assessment of applications.

co-funderEU

Useful links 

Contacts

This website is built with Eplica CMS