By Hunter Donahue
With the constant headlines and increasingly exorbitant costs of cyber-attacks, public concern for cybersecurity has reached an all-time high. Recently SecurityBoulevard reported a 139% increase in ransomware attacks in 2020 which underscores the need for immediate action. In response to these trends, there has been a significant increase in demand for new and different ways to fund various research projects, awareness campaigns, academic and training pathways, and other related efforts and resources.
Queue the Grants
One piece of the overall strategy to improve cybersecurity across all sectors is opening up grant programs. In February 2020, the U.S. Department of Homeland Security (DHS) announced a commitment of $1.8 billion to the improvement of state and urban cybersecurity readiness. Organizations, both private and public, are able to tap into these funds to support the training, creation, and maintenance of skilled security teams for protection of their personnel and their assets. As is common with most grants, these have specific requirements or thresholds the applicant must meet to attain funding. We will discuss some of the different types below
Every industry faces its fair share of unique challenges to its business, and when it comes to cybersecurity it’s no different. Grants in this category are offered depending on the risk or threats that an industry faces, or due to the nature of the business itself. For example, in New York the Advanced Institute for Manufacturing has teamed up with FuzeHub and the Manufacturing & Technology Enterprise Center to provide a bevy of grant opportunities for small and medium manufacturers. Finding out which grants are available for your industry is as simple as a quick Google search.
Improving cybersecurity does not only have to come by way of suffering from an incident, or compliance requirements of a new framework. Cybersecurity training grants have been around for some time, providing students with means to fund their education and for municipalities to educate their employees and constituents on how to better protect the public from malicious actors. Recently, grants have expanded in their reach by also offering assessments to test the strength of local governments infrastructure. Eligibility is largely based on whether you have an existing program, are in a municipality that has not undergone a recent security audit, and other requirements.
Some of the larger grants target specific industries or groups but go a step further by introducing requirements the organization must undergo to become eligible for funding. In September 2020, the house passed a $400 million dollar bill that would provide grants to local municipalities seeking funding, with two stipulations: a.) the grant did not exceed 90% of their current security spending, and b.) the municipality increased their total security budget each year until it was 50:50 with the received grant monies. Many of the larger grants follow similar guidelines, so if your organization is seeking major funding it’s best to establish a security baseline first before beginning your search.
Grants are an excellent way to kick start security initiatives and to reinforce an already robust security program. The funding provided can aid in identifying key risk or threats and provide improvements into efficiency and organizational continuity. Acquiring this funding can be as simple as being within a specific industry or having a specific security goal, but many organizations don’t take advantage of these opportunities. Once you have sought out grant money and are looking for how to spend it, check back here in a few weeks for our next blog: “Scaling spending to maturity”.