Cybersecurity improvement trajectories

Which enterprises are eligible for the cybersecurity improvement trajectories?

SMEs and social enterprises with a business-critical amount of IT architecture, software or connected IoT devices are eligible for this subsidy.

Also eligible: SMEs and social enterprises that wish to take their first steps in improving their cybersecurity and / or SMEs and customized companies with a less complex IT / OT environment

The trajectories are mainly aimed at supporting companies that can still achieve a significant growth in cybersecurity. A company can therefore only receive support once over a period of four years for a cybersecurity improvement trajectory.
 During an initial interview, the service provider will determine whether an enterprise meets this criterion. 

Companies must also meet following eligibility criteria: 

  1. The company is an SME (according to the European SME definition) - with the exception of the recognized social enterprises
  2. The company has an acceptable legal form
  3. The company is active in the private sector. The participation of an administrative authority is less than 25 percent.
  4. The company has an acceptable main activity (NACE-classification)
  5. The company establishment is located in the Flemish Region
  6. The company has no negative equity on the filing date
  7. The company meets the conditions to receive de minimis aid

What is eligible?

Only the services that the 9 selected service providers offer are eligible for support by VLAIO. Each service provider offers two types of basic packages. On the one hand, the standard basic package with a cost price between €25,000 and €30,000. On the other hand, a light version of the basic package with a more limited size (cost price between €15,000 and €20,000) and specifically aimed at SMEs and social enterprises that wish to take their first steps in the field of cybersecurity and / or SMEs and social enterprises with a less complex IT / OT environment.

Both types of basic packages consist of:

  1. An in-depth (technical) analysis of the company’s cybersecurity maturity;
  2. The drawing-up of an action plan to improve the company’s cybersecurity;
  3. Advice/ guidance on solving the observed security problems.

The company chooses whether to use the full basic package or the light version of the basic package. One of the two basic packages, with sufficient flexibility to respond to the specific needs, is a mandatory part of every improvement trajectory.

Some service providers also offer an additional package that focuses on specific topics or on tackling extra cybersecurity weaknesses. This package is optional.

The nine selected service providers are:

  • BA - Sirius Legal
  • Cronos Security - Bow Tie Security
  • EY
  • Netcure
  • PwC Enterprise Advisory
  • Toreon
  • Cegeka
  • Savaco
  • Apogado
  • Proximus NXT
  • Sertalink
  • Group K
  • Cresco
  • Zerobit - Grant Thorton - Soteria
  • Axians



Koning Albert II-laan 35 bus 12
1030 Brussels