EU funding made cybersecurity development possible

Amid the AI boom and growing cyber threats, a Tampere-based company created a service that brings directive- and regulation-compliant security practices within the reach of small businesses. Without EU funding the project would not have been possible. The level of cybersecurity in companies worries the developer.

Text and photos: Petri Kangas / Business Tampere

Cybersecurity, data protection and IT system safeguards should be at a higher level in Finnish SMEs, says TTL-Systems owner and founder Jyri Nummi. The Tampere-based POS and ICT company rolled up its sleeves and seized the momentum of the AI boom. At the end of 2023, Nummi realized that while some aspects of digitalisation had existed for quite a while, the volume and quality of discussion as well as the general understanding did not match the requirements and potential risks.

“We received support requests and from our monitoring we saw the need for fixes. We began developing protection for data and devices specifically for smaller-scale businesses,” Nummi recalls of the measures taken a couple of winters ago. He continues:

“Our original plan had to be scaled down because we realized the whole field is enormous. The only support for our project was the EU funding we applied for and received. With it we developed the Oma IT product, which includes the safeguards and security policies required by the EU’s NIS2 cybersecurity directive and GDPR data protection regulation, tailored for micro and small businesses from design to implementation and user training,” Nummi explains.

Nummi and the company’s solution architect Ville Hakala quip that for companies there are two big and rather abstract bogeymen: risk management in cybersecurity and the European Union itself.

Tampere-based TTL-Systems develops cybersecurity. In the photo TTL-Systems founder and owner Jyri Nummi. Photographer: Petri Kangas / Business Tampere

Support available

EU funding and applications can feel convoluted and burdensome in day-to-day work, TTL representatives note. Nummi praises the support he received from the ELY Centre. Business Tampere also helps companies navigate towards EU funding opportunities. At Business Tampere, EU expert Jari Ahola works on this front.

“European funding instruments are an underutilised opportunity also among Pirkanmaa-based companies. In practice, businesses already have the capabilities to take part in funding applications. If a company is engaged in product development, the practices are familiar – reporting, planning, execution and cost estimation – but the names of the forms may differ,” Ahola clarifies.

All interviewees echo Socrates and Agit Prop: a company or product development director does not know what they do not know. As soon as inspiration strikes, they encourage companies to get in touch.

This autumn the European Cybersecurity Competence Centre (ECCC) and, on the national level, the Finnish Transport and Communications Agency Traficom’s Cybersecurity Centre, are granting funding support for cybersecurity projects. The call closes on 16 October 2025, with a total of up to two million euros available.

“It is definitely worth checking whether EU funding could be a way to enable growth. There is money in the EU and we need to claim our share. With a reasonable plan and a company’s capacity, I would estimate that in this call there could be 50,000 to 200,000 euros available,” Ahola says.

Many ways to improve

According to system specialist Hakala and TTL, there are relatively inexpensive and simple preparedness measures available. One essential method is role-based access control (RBAC). With an example Hakala illustrates the concept:

“Not every employee needs access to the same information. Think of a bakery using Teams. The bakers can have access to the teams they need and the general channel. Bakers do not see sales tools. Management then sees both sales and bakers,” Hakala says.

The key is that no one sees what they don’t need, and when they see only what they do need, finding information becomes easier and the risk of unwanted sharing decreases.

By developing system protections, other processes can also become more efficient, which may encourage companies to realise that investing in security is an investment, not an expense, TTL representatives emphasise.

“Of course, a computer can be secured so tightly that no one can get in – but then you cannot do anything with it either. A company-specific risk management assessment makes sense because then the customer gets exactly what they need,” Nummi concludes.