According to a recent survey, at least 80% of European companies have experienced at least one cybersecurity incident over the last year and the number of security incidents across all industries worldwide rose by 38% in 2015.
This damages European companies, whether they are big or small, and threats to undermine trust in the digital economy. As part of its Digital Single Market strategy the Commission wants to reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU.
Andrus Ansip, Vice-President for the Digital Single Market, said: “Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognize borders. Today, we are proposing concrete measures to strengthen Europe’s resilience against such attacks and secure the capacity needed for building and expanding our digital economy.”
Today’s action plan includes the launch of the first European public private partnership on cybersecurity. The EU will invest €450 million in this partnership, under its research and innovation programme Horizon 2020. Cybersecurity market players, represented by the European Cyber Security Organisation (ECSO), are expected to invest three times more.
This partnership will also include members from national, regional and local public administrations, research centers and academia. The aim of the partnership is to foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance.
The Commission also sets out different measures to tackle the fragmentation of the EU cybersecurity market. Currently an ICT company might need to undergo different certification processes to sell its products and services in several Member States. The Commission will therefore look into a possible European certification framework for ICT security products.
A myriad of innovative European SMEs have emerged in niche markets (e.g. cryptography) and in well-established markets with new business models (e.g. antivirus software), but they are often unable to scale up their operations. The Commission wants to ease access to finance for smaller businesses working in the field of cybersecurity and will explore different options under the EU investment plan.
The Network and Information Security Directive, which is expected to be adopted by the European Parliament on Wednesday, already creates a network of Computer Security Incident Response Teams across the EU in order to rapidly react to cyber threats and incidents. It also establishes a ‘Cooperation Group’ between Member States, to support and facilitate strategic cooperation as well as the exchange of information, and to develop trust and confidence.
The Commission calls on Member States to make the most of these new mechanisms and to strengthen coordination when and where possible. The Commission will propose how to enhance cross-border cooperation in case of a major cyber-incident.
Given the speed with which the cybersecurity landscape is evolving, the Commission will also bring forward its evaluation of the European Union Agency for Network and Information Security (ENISA). This evaluation will assess whether ENISA’s mandate and capabilities remain adequate to achieve its mission of supporting EU Member States in boosting their own cyber resilience.
The Commission also examines how to strengthen and streamline cybersecurity cooperation across different sectors of the economy, including in cybersecurity training and education.