KnowCyber grantee spotlight: Supporting Albanian SMEs through cyber principles

Small and medium-sized enterprises (SMEs) are the backbone of Albania’s economy. Yet, in the digital domain, they are among the most exposed and least protected actors. Limited resources, small teams, and low cybersecurity awareness make SMEs a prime target for increasingly sophisticated cyberattacks.

This reality formed the starting point for the initiative implemented by the , aimed at strengthening cybersecurity culture and practical resilience among Albanian SMEs.

Assessing SME cyber readiness

The project began with a comprehensive assessment of 80 SMEs across Albania, providing a clear and data-driven picture of cybersecurity readiness. The findings were alarming:

• 85% of SMEs showed poor awareness of cyber risks
• 70% had no cybersecurity policies in place
• 90% had never received cybersecurity or IT security training
• 75% had no dedicated IT security staff
• 60% were operating on outdated software, often unlicensed and rarely updated

“These businesses are not negligent, but under-resourced and under-supported,” explains Rexhion Qafa, spokesperson for the project.

“Many SMEs rely on informal IT support, where one person handles everything from networks to air conditioning. Cybersecurity simply isn’t built into their daily operations.”

Practical principles

One of the key challenges identified was that existing international cybersecurity standards are often too complex, technical, and resource-intensive for SMEs to implement effectively.

In response, the project introduced a Cyber Principles Framework, a simplified, SME-adapted set of cybersecurity measures derived from established standards, but translated into clear, actionable, and realistic steps for smaller businesses.

“Our goal was not to overwhelm SMEs with frameworks they can’t use,” says Qafa. “We wanted to give them principles they can apply immediately, in their own environment, with the resources they already have.”

Practical trainings

At the heart of the initiative was capacity building through hands-on learning. The project delivered:

• 9 full workshop days, combining theory, practical exercises, tabletop simulations, and real-life incident scenarios
• 250+ SME representatives trained, including management and operational staff
• 40 SMEs actively applying the Cyber Principles Framework within their own organisations

These sessions helped SMEs move from abstract awareness to operational readiness, strengthening daily cyber hygiene practices and internal decision-making.

Awareness-raising

To extend impact, the project also ran a targeted awareness and communication campaign, including:

• 18 social media posts
• 4 newsletters distributed to SMEs and partner institutions
• Over 10,000 people reached online
• Additional visibility through flyers, banners, and videos

This approach ensured that cybersecurity messages reached not only trained SMEs, but also the wider business and policy community.

Measurable results

The project delivered concrete, measurable outcomes:

• 80 SMEs assessed
• 4 core cybersecurity documents published, including the Cyber Principles Framework
• 65% increase in cybersecurity awareness
• 70% of participating SMEs ready for certification-level compliance
• A transition from fragmentation to a clear cybersecurity roadmap

“Besides raising awareness, we also changed behavior. SMEs moved from not knowing where to start to having a roadmap they can follow,” Qafa notes.

Looking ahead, the initiative is designed to scale. In collaboration with the Chamber of Commerce, the Ministry of Energy, and other institutional partners, the project is working toward:

• A Cyber-Safe Certification Scheme tailored for SMEs
• An SME Cyber Helpdesk / Hotline / CIRT-like support mechanism
• Advanced training modules
• Expanded institutional and regional partnerships

“Cybersecurity resilience is not a one-off project,” says Qafa. “It’s a continuous process and Albanian SMEs are ready to lead that change in the Western Balkans.”