From 1 February 2026 onwards, the SME Portfolio will only provide support for cybersecurity advisory services. All other themes will be discontinued. This is not merely an administrative change. It is a clear signal from the government about what is considered a priority today. The question is whether you are paying attention to that message.
The figures speak for themselves. Nearly half of Flemish companies experienced at least one cyberattack in 2024. These incidents do not always make the headlines, but their impact can be significant: systems that remain down for days, customer data that is compromised, and invoices that can no longer be sent. For a company with twenty or fifty employees, this is not a minor inconvenience – it is a crisis.
Where do the biggest cybersecurity risks lie today?
You may have been using the same accounting software for years, relying on a cloud storage solution that was set up long ago, and managing a collection of passwords that half the team keeps “somewhere”. New employees are often granted access to everything because it is simply more convenient. And when someone leaves the company, their account is rarely disabled immediately.
This is not an exceptional situation. For many SMEs, it is everyday reality. And it is precisely in these circumstances that problems arise when an incident occurs.
Today, cybercriminals do not need sophisticated tools. A stolen password, an employee clicking on a malicious link, or a system that has not been updated in two years is often all it takes. Once inside, the damage can escalate quickly. Data may be lost, productivity can come to a standstill for days or even weeks, customers lose confidence, and in some cases a ransom demand follows.
What should you do in practice?
You do not need to tackle everything at once, but you do need a structured approach. Start with the fundamentals that most businesses have partially implemented, but rarely completed.
Make sure every employee logs in using multi-factor authentication. That extra step may seem inconvenient, but it prevents a single stolen password from being enough to gain access. Also create an overview of who has access to which systems and remove permissions that are no longer required. Test your backups, not only to confirm they exist, but also to ensure they can actually be restored when needed. And make sure you know exactly what to do if something goes wrong tomorrow. Who do you call? Which systems do you take offline? Who informs your customers?
These are not IT projects. They are business decisions that happen to involve technology.
AI requires reliable and secure data
Many business owners are exploring how they can use AI to work more efficiently: drafting proposals, writing emails, or summarising reports. All of that is possible, and it delivers real value. But AI is only as reliable as the data it relies on.
When data is scattered across different systems, partly outdated, and insufficiently secured, you are building on a weak foundation. Organisations that invest today in clear access rights, reliable systems, and well-protected data create the conditions needed to implement AI in a controlled and gradual way. Those that do not will continue to experiment on the margins and hope for the best.
Cybersecurity as a strategic priority
The government has made cybersecurity the only advisory domain that remains eligible for support through the SME Portfolio. Not because it is a trend, but because it has become a fundamental requirement for doing business in a digital world.
Take advantage of this momentum. A targeted assessment of your current situation, followed by a focused and practical action plan, can be completed more quickly than you might think and is largely eligible for support through the SME Portfolio. The investment required is negligible compared with the cost of just one day of operational downtime.
You do not need to reinvent the wheel. But it is essential to know whether your organisation is built on a solid digital foundation.
