TC Programme for Cybersecurity Resilience

Overview
Project Summary Document

TCRS 17908

Status Approved

Location

Regional

Business Sector

Notice Type

Public

PSD Disclosed

11 Aug 2023

Project Description

Accelerating the digital transition is one of the three cross-cutting themes of the EBRD’s Strategic and Capital Framework (SCF) 2021-25. The new digital approach approved in November 2021 is implemented by the Digital Hub, a dedicated unit established in January 2022. To accelerate the digital transition, the Bank is establishing the foundations for digital transformation, promoting adaptation among enterprises and governments, and supporting innovation and new market entrants.

As cyber threats pose considerable risks for the achievement of these goals, the Digital Approach committed to:(1) The Bank’s external policy and investment promotional activities take into account cyber issues; (2) The Bank undertakes an appropriate level of cyber due diligence to ensure the compliance of investee companies, where necessary. Cyber threats are relevant to the great majority of the Bank`s investments in all sectors and all regions, to corporations.

This TC Programme of the Digital Hub is a complete framework to address cyber risks and will support ICA, SIG and FI investment projects.

The TC programme will facilitate four functions:

A.           Preliminary assessment of existing EBRD clients, or prospective clients or groups of such clients to raise awareness to the risk and help formulate a strategic course of action. In the context of a generic project, or at the exploratory phase of a designated cybersecurity project.

B.           In depth assessment of clients during the Due Diligence phase to develop a specific technical mitigation plan for the cyber risk to the resiliency of the organization, the specific project and/or client`s ICT offering. In the context of a generic project, or at as part of a designated cybersecurity project.

C.           Supporting the client in implementing a technical cybersecurity mitigation plan.

D.          Cybersecurity RoSI (Return on Security Investment) consultancy.

Project`s pipeline should be large, as although not all projects have substantial cyber risks, dozens of EBRD projects with considerable cyber risks are approved each year. Additionally, demand from clients and prospective clients to receive support to enhance their cybersecurity resiliency, not in the context of a specific project, is also considerable. This demand is not confined to a specific region or sector, however the Digital Hub will prioritize engaging critical infrastructure operators and clients who are going through considerable digital transformation exposing them to significant cyber and privacy risks.

The Digital Hub will fundraise either on an ad hoc basis for specific investment projects, or for a larger pot of money to be used against specific regions or sectors of specific importance & funding will be sought initially from Israel and Taipei China.

hese TC programmes have the same standardised scope of work, budget methodology and ranges; EBRD clients will be the main beneficiary of the services, as follows:

Standardised Activity 1: Cybersecurity Preliminary assessment

Assessing enterprise cybersecurity posture using open source information
Assessing enterprise cybersecurity posture using questionnaires
Aligning assessments with Digital Hub Cyber Framework

Standardised Activity 2: Cybersecurity Organizational Due Diligence

Review information security management system
Review and validate mitigation plan and controls
Analyse and formulate mitigation plan

Standardised Activity 3: Implementation Support

Create specific security plans and architectures
Create security based business models
Formulate policy and processes
Support on-boarding of tools and services
Staff training

Standardised Activity 4: Cybersecurity RoSI consultancy, return on Security Investment & expected market conditions & appropriateness of business plan in light of relevant market trends.

Market analysis

Assessment of competitive positioning
Assessment of cyber risks impact on Company's business plan (positive and negative)
Assessment of Company's & competitors' product offerings
The purpose of activity 4 is to develop with the client a rational for investing in its cybersecurity posture beyond resiliency (mainly competitiveness)

Understanding Transition

Further information regarding the EBRD’s approach to measuring transition impact is available here.

Business opportunities

For business opportunities or procurement, contact the client company.

For business opportunities with EBRD (not related to procurement) contact:

Tel: +44 20 7338 7168
Email: projectenquiries@ebrd.com

For state-sector projects, visit EBRD Procurement:

Tel: +44 20 7338 6794
Email: procurement@ebrd.com

Enquiries

Business opportunities

For business opportunities or procurement, contact the client company.

For business opportunities with EBRD (not related to procurement) contact:

Tel: +44 20 7338 7168
Email: projectenquiries@ebrd.com

For state-sector projects, visit EBRD Procurement:

Tel: +44 20 7338 6794
Email: procurement@ebrd.com

General enquiries

Specific enquiries can be made using the EBRD Enquiries form.

TCRS 17908

Status Approved

Location

Regional

Business Sector

Notice Type

Public

PSD Disclosed

11 Aug 2023

Project Description

This TC Programme of the Digital Hub is a complete framework to address cyber risks and will support ICA, SIG and FI investment projects.

Assessing enterprise cybersecurity posture using open source information
Assessing enterprise cybersecurity posture using questionnaires
Aligning assessments with Digital Hub Cyber Framework

Standardised Activity 2: Cybersecurity Organizational Due Diligence

Review information security management system
Review and validate mitigation plan and controls
Analyse and formulate mitigation plan

Standardised Activity 3: Implementation Support

Create specific security plans and architectures
Create security based business models
Formulate policy and processes
Support on-boarding of tools and services
Staff training

Standardised Activity 4: Cybersecurity RoSI consultancy, return on Security Investment & expected market conditions & appropriateness of business plan in light of relevant market trends.

Market analysis

Assessment of competitive positioning
Assessment of cyber risks impact on Company's business plan (positive and negative)
Assessment of Company's & competitors' product offerings
The purpose of activity 4 is to develop with the client a rational for investing in its cybersecurity posture beyond resiliency (mainly competitiveness)

Understanding Transition

Further information regarding the EBRD’s approach to measuring transition impact is available here.

Business opportunities

For business opportunities or procurement, contact the client company.

For business opportunities with EBRD (not related to procurement) contact:

Tel: +44 20 7338 7168
Email: projectenquiries@ebrd.com

For state-sector projects, visit EBRD Procurement:

Tel: +44 20 7338 6794
Email: procurement@ebrd.com

Any competitive selections for business opportunities relating to this project will be published on the EBRD's website: Consultancy Procurement Opportunities.

General enquiries

EBRD project enquiries not related to procurement:
Tel: +44 20 7338 7168
Email: projectenquiries@ebrd.com

Access to Information Policy (AIP)

The AIP sets out how the EBRD discloses information and consults with its stakeholders so as to promote better awareness and understanding of its strategies, policies and operations following its entry into force on 1 January 2020. Please visit the Access to Information Policy page to find out what information is available from the EBRD website.

Specific requests for information can be made using the EBRD Enquiries form

Independent Project Accountability Mechanism (IPAM)

If efforts to address environmental, social or public disclosure concerns with the Client or the Bank are unsuccessful (e.g. through the Client’s Project-level grievance mechanism or through direct engagement with Bank management), individuals and organisations may seek to address their concerns through the EBRD’s Independent Project Accountability Mechanism (IPAM).

IPAM independently reviews Project issues that are believed to have caused (or to be likely to cause) harm. The purpose of the Mechanism is: to support dialogue between Project stakeholders to resolve environmental, social and public disclosure issues; to determine whether the Bank has complied with its Environmental and Social Policy or Project-specific provisions of its Access to Information Policy; and where applicable, to address any existing non-compliance with these policies, while preventing future non-compliance by the Bank.

Please visit the Independent Project Accountability Mechanism webpage to find out more about IPAM and its mandate; how to submit a Request for review; or contact IPAM via email ipam@ebrd.com to get guidance and more information on IPAM and how to submit a request.

Our story

How we invest in changing lives

What we offer for businesses

Search

TC Programme for Cybersecurity Resilience

Project Description

Understanding Transition

Business opportunities

Enquiries

Business opportunities

General enquiries

Project Description

Understanding Transition

Business opportunities

General enquiries

Access to Information Policy (AIP)

Independent Project Accountability Mechanism (IPAM)