HomeInsightsEuropean Commission signs agreement with industry on cybersecurity and steps up efforts to tackle cyber-threats.

The Commission has launched a new public-private partnership on cybersecurity that is expected to trigger €1.8 billion of investment by 2020.  This is part of a series of new initiatives to better equip Europe against cyber-attacks and to strengthen the competitiveness of its cybersecurity sector.

The Commission says that, according to a recent survey, at least 80% of European companies have experienced at least one cybersecurity incident over the last year and the number of security incidents across all industries worldwide rose by 38% in 2015.  This damages European companies, whether they are big or small, and threatens to undermine trust in the digital economy.  As part of its Digital Single Market Strategy, the Commission says that it wants to “reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU”.

The action plan includes the launch of the first European public private partnership on cybersecurity.  The EU will invest €450 million in this partnership, under its research and innovation programme Horizon 2020.  Cybersecurity market players, represented by the European Cyber Security Organisation (ECSO), are expected to invest three times more.  This partnership will also include members from national, regional and local public administrations, research centres and academia.  The aim of the partnership is to foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance.

The Commission also sets out different measures to tackle the fragmentation of the EU cybersecurity market.  Currently an ICT company might need to undergo different certification processes to sell its products and services in several Member States.  The Commission will therefore look into a possible European certification framework for ICT security products.

The Commission says that a “myriad of innovative European SMEs have emerged in niche markets” (e.g. cryptography) and in well-established markets with new business models (e.g. antivirus software), but they are often unable to scale-up their operations.  The Commission wants to ease access to finance for smaller businesses working in the field of cybersecurity and will explore different options under the EU investment plan.

The Network and Information Security Directive, which has now been adopted by the European Parliament (see item below), already creates a network of Computer Security Incident Response Teams across the EU in order to rapidly react to cyber threats and incidents.  It also establishes a “Cooperation Group” between Member States, to support and facilitate strategic cooperation, as well as the exchange of information, and to develop trust and confidence.

The Commission calls on Member States to “make the most of these new mechanisms” and to “strengthen coordination when and where possible”.  The Commission says that it will propose how to enhance cross-border cooperation in case of a major cyber-incident. Given the speed with which the cybersecurity landscape is evolving, the Commission says that it will also bring forward its evaluation of the European Union Agency for Network and Information Security (ENISA). This evaluation will assess whether ENISA’s mandate and capabilities remain adequate to achieve its mission of supporting EU Member States in boosting their own cyber resilience.  To read the Commission’s press release in full and to access relevant documents, click here.

Expertise

Topics