KnowCyber grantee spotlight: Supporting Montenegro’s SMEs in building digital resilience

Published on December 22, 2025

Good practice

Small and medium-sized enterprises (SMEs) form the backbone of Montenegro’s economy. They account for 99% of all businesses, employ around 60% of the workforce and contribute approximately 60% of the country’s GDP. Yet despite their economic importance, SMEs remain among the most vulnerable targets of cyberattacks.

Research shows that 60% of SMEs fail to recover within six months of a cyber incident, often forcing them to close permanently. Financial losses from a single cyberattack can range from EUR 70,000 to EUR 130,000, a scale that many small businesses simply cannot absorb. Ultimately, this impact extends far beyond companies and affects the end users of SME services, all citizens of Montenegro.

To address this challenge, Montenegro-based NGO Secure, one of the KnowCyber grantees, implemented a project focused on improving cyber hygiene among SMEs and raising awareness across the wider public.

Understanding SME vulnerabilities

The project began with comprehensive quantitative research involving 350 SME employees across Montenegro, aimed at identifying real-world cybersecurity gaps and training needs. The findings revealed critical weaknesses:

76% of participants were not familiar with the concept of cyber hygiene
85% had never undergone any form of cybersecurity training
Only around 2% of companies achieved a high level of protection through cyber hygiene measures
Just 23% of SMEs allocated adequate resources to cybersecurity
Weak incident reporting and unclear internal policies were widespread

“These numbers clearly showed that cybersecurity was not being treated as a strategic business issue,” says Ivona Dabetic, President of the NGO Secure.

“Without awareness at management level, employees are left without guidance, procedures or protection,” she added.

Ivona Dabetic at the KnowCyber workshop in Brussels.

Targeted training

Based on the research findings, NGO Secure designed a three-cycle training programme tailored to different roles and needs within SMEs:

Management-level training, focusing on strategic planning, cyber risk assessment, internal procedures, and leadership responsibility for fostering a culture of cyber hygiene
Technical staff training, covering security tools, incident response, data protection techniques and regulatory compliance
Gender-focused training, addressing challenges women face in cyberspace, strengthening cybersecurity skills and encouraging women to pursue decision-making roles in the sector

“What surprised us most was how little management teams understood the importance of internal procedures and staff training,” Dabetic explains. “Cybersecurity cannot be delegated, it has to be embedded at leadership level.”

In total, 45 SMEs participated directly in the training programme. While this represents a fraction of Montenegro’s 60,000 SMEs, the project demonstrated how targeted intervention can create ripple effects across the economy.

Raising awareness

To amplify impact, the project also delivered a national awareness and education campaign, translating research findings into accessible, practical guidance for businesses and citizens.

Through social media and outdoor communication, the campaign reached over 26,000 people, sharing concrete steps SMEs can take to protect their data, systems and customers.

Educational materials developed as part of the project continue to support wider learning and can be reused by businesses, institutions and the general public.

Measurable impact

Participants reported significant improvements across key indicators, including phishing recognition, password management, incident reporting awareness and overall cyber hygiene. The average usefulness rating of the training reached 4.76 out of 5, reflecting strong satisfaction and practical value for SMEs.

“By strengthening SMEs, we are strengthening the entire Montenegrin economy. Cyber hygiene is clearly an economic necessity, not a luxury,” says Dabetic.

Building a safer digital economy

As a KnowCyber grantee, NGO Secure’s work demonstrates how evidence-based training and targeted awareness can reduce cyber risk, improve resilience and protect both businesses and citizens.

While the project has reached only a portion of Montenegro’s SME landscape, it has laid a strong foundation for future scaling. By investing in cyber hygiene today, Montenegro takes a crucial step toward a safer, stronger and more resilient digital economy.