Evolution and Perspectives of the Keep IT Secure Ecosystem:A Six-Year Analysis of Cybersecurity Experts Supporting Belgian SMEs

TL;DR

This paper analyzes a six-year effort to support Belgian SMEs in cybersecurity through expert networks, highlighting progress, lessons learned, and alignment with national certification frameworks.

Contribution

It presents a long-term case study of the Keep It Secure initiative, emphasizing structured expert validation and ecosystem development for SME cybersecurity.

Findings

Increased alignment with Belgium's Cyber Fundamentals framework.

Expert validation improves SME cybersecurity practices.

Long-term ecosystem analysis reveals strengths and weaknesses.

Abstract

The importance of cybersecurity for Small and Medium Enterprises (SMEs) has never been greater, especially given the rise of AI-driven threats. Supporting SMEs requires a sustained effort to ensure they have access to resources and expertise covering awareness, protection, auditing, and incident response. Since 2019, our work with the Keep It Secure initiative has focused on helping Belgian (Walloon) SMEs strengthen their cybersecurity posture through access to a network of labelled cybersecurity experts. In this process, we interviewed over 120 professionals from around 90 companies and gathered rich insights about the nature, strengths and weaknesses of our regional ecosystem. While our initiative primarily targets the labelling of cybersecurity experts, we demonstrate increasing alignment with the broader Cyber Fundamentals framework deployed at the federal level in Belgium, which supports official certification. This paper reports on the progress and lessons learned from this long-term effort, highlighting how expert validation, based on a structured evaluation approach, can help improve SME cybersecurity.