TC Programme for Cybersecurity Resilience (EBRD-17908)

  • Europe and Central Asia
  • Middle East and North Africa
Geographic location where the impacts of the investment may be experienced.
Financial Institutions
  • European Bank for Reconstruction and Development (EBRD)
International, regional and national development finance institutions. Many of these banks have a public interest mission, such as poverty reduction.
Project Status
Stage of the project cycle. Stages vary by development bank and can include: pending, approval, implementation, and closed or completed.
Bank Risk Rating
Environmental and social categorization assessed by the development bank as a measure of the planned project’s environmental and social impacts. A higher risk rating may require more due diligence to limit or avoid harm to people and the environment. For example, "A" or "B" are risk categories where "A" represents the highest amount of risk. Results will include projects that specifically recorded a rating, all other projects are marked ‘U’ for "Undisclosed."
  • Communications
  • Industry and Trade
  • Technical Cooperation
The service or industry focus of the investment. A project can have several sectors.
Investment Amount (USD)
Not Disclosed
Value listed on project documents at time of disclosure. If necessary, this amount is converted to USD ($) on the date of disclosure. Please review updated project documents for more information.
Primary Source

Original disclosure @ EBRD website

Updated in EWS Aug 15, 2023

Disclosed by Bank Aug 11, 2023

Contribute Information
Can you contribute information about this project?
Contact the EWS Team

Project Description
If provided by the financial institution, the Early Warning System Team writes a short summary describing the purported development objective of the project and project components. Review the complete project documentation for a detailed description.

As stated by the EBRD, accelerating the digital transition is one of the three cross-cutting themes of the EBRD's Strategic and Capital Framework (SCF) 2021-25. The new digital approach approved in November 2021 is implemented by the Digital Hub, a dedicated unit established in January 2022. To accelerate the digital transition, the Bank is establishing the foundations for digital transformation, promoting adaptation among enterprises and governments, and supporting innovation and new market entrants.

As cyber threats pose considerable risks for the achievement of these goals, the Digital Approach committed to:(1) The Bank's external policy and investment promotional activities take into account cyber issues; (2) The Bank undertakes an appropriate level of cyber due diligence to ensure the compliance of investee companies, where necessary. Cyber threats are relevant to the great majority of the Bank`s investments in all sectors and all regions, to corporations.

This TC Programme of the Digital Hub is a complete framework to address cyber risks and will support ICA, SIG and FI investment projects.

The TC programme will facilitate four functions:
A. Preliminary assessment of existing EBRD clients, or prospective clients or groups of such clients to raise awareness to the risk and help formulate a strategic course of action. In the context of a generic project, or at the exploratory phase of a designated cybersecurity project.
B. In depth assessment of clients during the Due Diligence phase to develop a specific technical mitigation plan for the cyber risk to the resiliency of the organization, the specific project and/or client`s ICT offering. In the context of a generic project, or at as part of a designated cybersecurity project.
C. Supporting the client in implementing a technical cybersecurity mitigation plan.
D. Cybersecurity RoSI (Return on Security Investment) consultancy.Project`s pipeline should be large, as although not all projects have substantial cyber risks, dozens of EBRD projects with considerable cyber risks are approved each year. Additionally, demand from clients and prospective clients to receive support to enhance their cybersecurity resiliency, not in the context of a specific project, is also considerable. This demand is not confined to a specific region or sector, however the Digital Hub will prioritize engaging critical infrastructure operators and clients who are going through considerable digital transformation exposing them to significant cyber and privacy risks.

The Digital Hub will fundraise either on an ad hoc basis for specific investment projects, or for a larger pot of money to be used against specific regions or sectors of specific importance & funding will be sought initially from Israel and Taipei China.

These TC programmes have the same standardised scope of work, budget methodology and ranges; EBRD clients will be the main beneficiary of the services, as follows:

Standardised Activity 1: Cybersecurity Preliminary assessment

  • Assessing enterprise cybersecurity posture using open source information 
  • Assessing enterprise cybersecurity posture using questionnaires
  • Aligning assessments with Digital Hub Cyber Framework

Standardised Activity 2: Cybersecurity Organizational Due Diligence

  • Review information security management system
  • Review and validate mitigation plan and controls
  • Analyse and formulate mitigation plan

Standardised Activity 3: Implementation Support

  • Create specific security plans and architectures
  • Create security based business models
  • Formulate policy and processes
  • Support on-boarding of tools and services
  • Staff training

Standardised Activity 4: Cybersecurity RoSI consultancy, return on Security Investment & expected market conditions & appropriateness of business plan in light of relevant market trends.

Market analysis

  • Assessment of  competitive positioning
  • Assessment of cyber risks impact on Company's business plan (positive and negative)
  • Assessment of Company's & competitors' product offerings
  • The purpose of activity 4 is to develop with the client a rational for investing in its cybersecurity posture beyond resiliency (mainly competitiveness)
Investment Description
Here you can find a list of individual development financial institutions that finance the project.

Contact Information
This section aims to support the local communities and local CSO to get to know which stakeholders are involved in a project with their roles and responsibilities. If available, there may be a complaint office for the respective bank which operates independently to receive and determine violations in policy and practice. Independent Accountability Mechanisms receive and respond to complaints. Most Independent Accountability Mechanisms offer two functions for addressing complaints: dispute resolution and compliance review.

EBRD project enquiries not related to procurement:

Tel: +44 20 7338 7168


You can request information by emailing: or by using this electronic form:


The Project Complaint Mechanism (PCM) is the independent complaint mechanism and fact-finding body for people who have been or are likely to be adversely affected by an European Bank for Reconstruction and Development (EBRD)-financed project. If you submit a complaint to the PCM, it may assess compliance with EBRD's own policies and procedures to prevent harm to the environment or communities or it may assist you in resolving the problem that led to the complaint through a dialogue with those implementing the project. Additionally, the PCM has the authority to recommend a project be suspended in the event that harm is imminent.

You can contact the PCM at: or you can submit a complaint online using an online form at:

You can learn more about the PCM and how to file a complaint at:

How it works

How it works