Background  

Cybersecurity is a key enabler of economic progress and improving living standards in the digital economy. This became even more evident during the COVID-19 pandemic, where we have been forced to adopt rapid digitalisation and migrate online government, business, and social activities.1 As the digital landscape evolves, Small and Medium Enterprises (SMEs) play an important role across all ASEAN economies. They are essential for providing jobs and social stability, and livelihood for hundreds of millions of people across the region. Despite its potential, rapid digitalisation has also ushered an increasing trend in fraud, scams and financial crimes enabled by technology – exposing these businesses to an array of cyber risks, constantly evolving, becoming more sophisticated, and exploiting the smallest vulnerabilities.  

A survey conducted by CISCO highlights the significant cybersecurity challenges faced by SMEs in the Asia-Pacific region. According to the findings, 84% of SMEs feel vulnerable to cyber threats, 56% have experienced a cyber incident in the past 12 months, and 39% believe their existing cybersecurity solutions are inadequate to protect them from cyberattacks.1 Therefore, having a robust cybersecurity strategy is essential for SMEs to ensure continued security and growth.  

The ASEAN Political-Security Community Blueprint 2025 highlights the importance of strengthening cooperation in combating cybercrimes, including conducting awareness-raising efforts of ASEAN Member States. Additionally, banks, governments, telecommunications providers (“telcos”) and digital platforms implement capacity-building efforts as part of their cybersecurity strategy. These initiatives are also reflected in various ASEAN programmes, such as the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) and the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE).  

As an organ of ASEAN, the ASEAN Foundation (AF) has strengthened the ASEAN Community through its contributions to digital skills and employability programmes. Supporting the ASEAN ICT Masterplan 2020 and the ASEAN Work Plan on Education 2021-2025, AF completed the ASEAN Cybersecurity Skilling Programme (ACSP). Over the span of 15 months, ACSP delivered cybersecurity training to over 24,000 participants in 7 AMS in collaboration with 634 master trainers and 10 local implementing partners (LIPs). Mastercard, an established global payments network, has partnered with local economies and government agencies to enable higher living standards through secure digitalisation. Its efforts lie in three main pillars: 1) Awareness raising, 2) Building people capability, and 3) Capacity upgrading. With a shared vision, the ASEAN Foundation, supported by Mastercard, will design a pilot project, which includes a targeted capacity-building programme for SMEs to support the region’s cyber maturity.  

Objectives 

Through a cyber hygiene rating tool, Small and Medium Enterprises (MSMEs) will be able to quickly get a sense of the cyber posture as well as the areas they need to work on to reduce vulnerabilities. 

Tentative Timeline  

Eligibility Criteria 

Small-Medium-Enterprises (SMEs) from ASEAN countries with the following qualifications are eligible to apply: 

• The founders, co-founders, CEOs, and high-positioned team members of the SMEs participating in the programme are ASEAN nationals. 
• All team members must reside in one of the 10 ASEAN countries: Brunei Darussalam, Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Viet Nam. 
• If selected, the project leader or focal point from SME must be fully committed to participating in the entire cycle of the ASEAN Cybersecurity Programme. Though not mandatory, the project leader or focal points can invite additional team members to participate. 
• The SMEs operating in Industries particularly vulnerable to Cybersecurity threats, such as the following: 

• • Retail and e-commerce 
  • Healthcare 
  • Financial services 
  • Hospitality and tourism 
  • Technology startups 
  • Education services (Open to other industries with a digital presence as part of their core business operations.) 
• SMEs should already have some form of an online presence, such as:  
• • A website 
  • Internet facing infrastructure - any digital resources, systems, or services within an organisation that are directly accessible or interact with the public internet, making them potential targets for cyberattacks.   
  • SMEs without a digital presence but with concrete plans to establish one may also qualify. 
• SMEs at various levels of cybersecurity awareness are encouraged to apply, from those with minimal knowledge to those looking to strengthen existing practices.  

• • Includes businesses that have experienced cybersecurity incidents (E.g., phishing attacks, data breaches) and those actively seeking to improve their cybersecurity posture.
  • Since the programme will be delivered in English, SMEs should have at least one team member with a working proficiency in English.  

Requirements for Participation  

• Access to a stable internet connection for online learning.  

• Must provide basic business or professional details (E.g., company registration for SMEs).  

• Proficiency in English, since the programme will be fully delivered in English.  

Benefits of the Programme  

• Enhanced Cybersecurity Awareness and Digital Resilience: Through My Cyber Risk, participants will understand the cyber hygiene of externally facing infrastructure. This will enable participants to prioritise the remediation of critical risks and protect their organisation against cyber-attacks. 

• Capacity Building and Skill Development: Through self-paced and guided learning, beneficiaries will develop practical cybersecurity skills, improving their digital literacy, data protection strategies, and cyber risk management capabilities.  

• Increased Competitiveness: For SMEs, adopting cybersecurity best practices will boost consumer trust and enhance business security. For youth, acquiring cybersecurity skills opens career opportunities in the growing field of digital security.  

About My Cyber Risk  

• How My Cyber Risk Works – My Cyber Risk uses non-invasive techniques to continuously evaluate your external facing IT footprint and monitor your cybersecurity risk. Utilising sophisticated analytics leveraging a variety of data sources and over 40 security criteria backed by thousands of security checks, My Cyber Risk distills issues discovered into a simple letter grade which reflects the overall security rating of your website. All findings are displayed and explained in your portal, so you can easily prioritise responses, act efficiently to improve your cyber hygiene, and effortlessly track your progress over time.​ 
• My Cyber Risk provides small businesses with:  

• • Cyber risk rating of your online environment​ 

• • Security profile that encompasses a list of vulnerabilities prioritized by asset value and issue severity ​ 

• • IT profile that encompasses a list of all internet-facing systems and their hosting details, such as the name and location of the hosting provider and number of systems being hosted with that provider​ 

• • Downloadable detailed reports on all identified vulnerabilities​ 

• • High-level remediation action plans for fixing the uncovered vulnerabilities 

How to Apply 

All interested applicants are required to apply to the programme by completing the application form on the following LINK by 31 May 2025. Incomplete completion of the form will not be further processed for shortlisting.  

Applicants are advised to carefully review all information before submitting their application. For any inquiries, please email at [email protected] 

Only selected candidates will be notified. Competition updates, including winner announcements, will be shared on ASEAN Foundation's social media channels.