- Network partners
- Sector group
-
ICT Industry & Services
- Countries
-
ICELAND
Syndis is at the forefront of innovation in cybersecurity services and products. This leading information security company’s lofty ambition was to make Iceland a global leader in cybersecurity. But first it had to improve the country’s cybersecurity resilience.
Towards a more cyber-resilient society
The solution came in the form of a nationwide bug bounty platform. This reporting web portal harnesses the know-how of ethical hackers, security researchers and cybersecurity enthusiasts to identify and deal with vulnerabilities throughout Iceland’s digital infrastructure. They receive rewards or bounties for reporting these cybersecurity vulnerabilities.
The idea had great potential, but Syndis lacked the resources to accelerate and scale up a bug bounty programme intended for large communities. The company also knew that funding was available – given the importance the EU places on investing in cybersecurity – but did not know where to start.
In 2022, Syndis turned to the Enterprise Europe Network, Iceland to see how it could turn an innovative concept into a successful product. The Network’s host organisation Icelandic Centre for Research (Rannis) manages and coordinates the country’s participation in EU funding programmes. More notably, it oversees the European Commission’s Digital Europe Programme that provides funding opportunities for cybersecurity projects through calls for proposals.
Sigthrudur Gudnadottir and Mjöll Waldorff, senior advisers at Rannis, guided Syndis every step of the way, from preparation to submission. "We assessed whether the call was applicable to their vision for the project throughout the grant agreement process," said Gudnadottir. "To assist the company in demonstrating the project’s international potential, we helped them to establish a clear link between their own vision and that of European and national cybersecurity policies."
Crowdsourcing for a safer digital environment for businesses and citizens
In 2023, Enterprise Europe Network Iceland helped Syndis secure over EUR 2 million from Digital Europe to lead a project that will create a cost-effective, accessible platform and demonstrate the feasibility of a national approach to cybersecurity resilience. As a result, the spin-off Defend Iceland was set up to make all this a reality. The platform will include an automated attack surface mapping feature that uncovers any organisation’s cybersecurity footprint and scans digital assets to identify vulnerabilities in real time.
"I don’t think we would have been successful in securing the grant, and I’m forever grateful for the level of support and encouragement we received," said Theódór Gíslason, co-founder, chief technology officer and head of innovation at Syndis. He currently runs the project.
The banks in Iceland are on board with the bug bounty platform. Defend Iceland has secured contracts with all of them. Since the project officially kicked off in November 2023, annual recurring revenue has gone from zero and is closing in on EUR 50 000 per month. Defend Iceland employs eight people, with further growth expected. It has received over 100 vulnerability reports submitted to customers’ bug bounty programmes and processed vulnerability rewards that exceed EUR 50 000.
Gíslason is extremely proud of the reward fund. Defend Iceland is taking the processing fee for vulnerability rewards that customers pay and putting it into its communal reward fund. This fund is intended as a reward pool for important companies, vulnerabilities that have great societal impact, and non-governmental organisations or small enterprises that otherwise cannot afford to pay for vulnerabilities.
The fund totals close to EUR 10 000 and is growing steadily. Another encouraging development is the fact that the ethical hackers have started donating a percentage of their rewards to this communal fund, and in some cases, even the entire reward.
Following in Iceland’s digital footsteps
Gíslason envisions taking the existing model and approach and developing it into a marketable product that can be adapted anywhere in Europe. The plan is to establish similar communities across Europe with ethical hackers who care about their community and want more secure digital spaces. He aims to make this emerging technology accessible to all, especially SMEs, and not just big companies that have the resources to start their own vulnerability disclosure and bug bounty programmes.
"If successful, we hope this example will be one that not only applies to Europe, but serves as a model for the world of the future about how we can democratise cyber resilience by crowdsourcing the discovery of digital threats through strong communities and positive security culture," concluded Gíslason.
The Network in Iceland will continue to work with and support Defend Iceland for the duration of the project. In addition, it is looking into future collaboration and market opportunities in Europe.
A new video by Rannis presents the fruitful collaboration with Defend Iceland.