Networked technologies are the name of the game in today’s business world, with global events disrupting the status quo. The pandemic accelerated the penetration of digital services, while the war in Ukraine (which has long since broken out into cyberspace) has clearly demonstrated just how vulnerable companies, organisations and even society at large are.
Armies of online trolls, fake news, election meddling – cyber espionage and cybercrime pose a serious security threat. The European Union is addressing the problem head-on.
What is cybersecurity?
The term ‘cybersecurity’ refers to a collection of technologies, processes and practices aimed at protecting the integrity, availability and confidentiality of digital information and systems. Today, cybersecurity is critical, with more and more data being stored and shared online. Our reliance on digital technologies constantly gives rise to ever new and increasingly sophisticated threats.
What are cyber threats?
Cyber threats can range from a simple phishing email sent to a private individual to complex hacker attacks on businesses, organisations, governments and critical infrastructure. Without adequate cybersecurity measures, private and business data can be compromised, leading to financial loss, reputational damage and even political conflict.
What is the EU doing for cybersecurity?
The EU has taken several measures to combat cyber threats and increase cybersecurity in Europe. These include the EU Cybersecurity Strategy, adopted in 2020, and the 2019 EU Cybersecurity Act. Further efforts included establishing the European Computer Emergency Response Team (CERT-EU) and strengthening the European Union Agency for Cybersecurity (ENISA).
What is the EU Cybersecurity Strategy?
Released in December 2020, the EU Cybersecurity Strategy aims to ensure a global and open online world with strong safeguards. The objective is to prioritise cybersecurity and deploy the necessary instruments to protect people as well as the economy and society in EU countries from cyber threats.
The strategy includes a series of actions to be implemented in three main areas:
- Resilience, technological sovereignty and leadership: The EU Cybersecurity Strategy helps ensure that businesses and organisations in Europe are better protected against cyber threats, with a particular focus on strengthening technical infrastructure.
- Operational capacity to prevent, deter and respond: Action must be taken to prevent cybercrime and to fight attacks when they happen. EU countries are to work more closely together to respond quickly and effectively to threats.
- Cooperation to advance a global and open cyberspace: The EU is working closely with other countries and international organisations to strengthen cybersecurity worldwide.
Regulators and the private sector also have an important role in implementing the strategy. The EU wants to ensure that all relevant actors cooperate closely to create a safe online environment.
What are the key rules of the EU's Cybersecurity Strategy?
The EU wants to play a leading role in shaping a secure and open cyberspace and is committed to a coordinated international approach to combating cyber threats. Important rules:
- The Joint Cyber Unit focuses on strengthening cooperation among EU institutions, agencies, bodies and the authorities in the member states.
- The NIS2 Directive aims to increase the level of cyber resilience across the EU, promoting a culture of security by requiring companies and organisations to take appropriate measures to protect their IT systems and networks.
- The Cyber Resilience Act (CRA) aims to bolster a secure digital world by encouraging businesses and government agencies to take steps to protect their IT systems and networks and arm themselves against cyber threats.
Why should European businesses and organisations employ a coordinated approach to cybersecurity?
A coordinated approach ensures that all involved parties, from governments to businesses and organisations, follow the same strategy when working towards a secure digital environment. Working closely together to align all cybersecurity measures means the relevant actors can identify and combat threats more effectively.
By taking a coordinated approach, a unified regulatory framework can be created that makes it easier for companies and organisations to harmonise and improve their cybersecurity practices. This, in turn, ensures that all companies and organisations adhere to the same high standard for cybersecurity management. The upshot is a reduced risk that vulnerabilities will be exploited by bad actors.
What cybersecurity policies is the EU pursuing?
The EU is committed to protecting its citizens from the increasing threats of cybercrime and has therefore enacted various laws and regulations that govern cybersecurity. Examples:
- In Germany, the BSI Act regulates the tasks and competences of the Federal Office for Information Security (BSI). It ensures that the BSI is able to effectively safeguard cybersecurity in Germany.
- The EU’s Network and Information Security Directive (NIS Directive) establishes the responsibilities of companies and organisations to ensure cybersecurity and improves cooperation between Member States in combating cyber threats.
- The Electronic Identification and Trust Services Regulation (eIDAS Regulation) regulates the use of electronic identification and trust services in the EU and ensures interoperability and security.
- There are IT Security Acts in individual EU Member States that regulate IT security and ensure that businesses and organisations protect their IT systems against cyber threats.
- The General Data Protection Regulation (GDPR) implements strict rules for the handling of personal data and ensures that companies and organisations process and store such data in a secure manner.
What does EU cybersecurity policy mean for businesses?
Cybersecurity policy in the EU requires businesses to meet certain minimum standards in managing and securing their information and communication systems. It also protects their customers and business partners from the risks and threats they face in cyberspace.
Companies that fail to comply with the relevant cybersecurity regulations face heavy penalties as well as damage to business operations and company reputation. Given this risk, companies should regularly audit their information and communication systems to ensure compliance.
Which cybersecurity authorities are there in the EU?
There are a number of cybersecurity authorities in the EU responsible for monitoring and combating cybersecurity threats. They include:
- The European Union Agency for Cybersecurity (ENISA) is the EU’s lead cybersecurity agency. It is dedicated to achieving a high common level of cybersecurity across the EU by providing assessments and recommendations as well as promoting cooperation and networking.
- Computer Emergency Response Teams (CERTs) are organisations that respond to cyber threats and attacks in real time and provide support to help combat threats. There are both national CERTs and regional ones active in specific parts of the EU.
- Europol’s European Cybercrime Centre (EC3) is one of the main European authorities fighting against cybercrime. The key objective of EC3 is to improve the exchange of information and foster closer cooperation between EU Member States.
The EU’s cybersecurity authorities work closely with those of the Member States to ensure the effective and efficient implementation of the EU’s cybersecurity strategy. This coordinated approach is intended to guarantee trustworthy digital technologies and a high level of cybersecurity in the EU.
How can DataGuard help businesses with cybersecurity?
With our InfoSec-as-a-Service solution, DataGuard is your partner for cybersecurity and information security. Thanks to deep expertise, our dedicated team of professionals is adept at implementing best practices for a wide range of projects, for example setting up and running an information security management system (ISMS).
Our team provides you with the know-how and consultation you need to protect your business against cyberattacks.
In addition, DataGuard’s information security platform offers numerous policies for information security and cybersecurity. It serves as a valuable basis that you can use to review your own processes.
Another useful resource is the DataGuard Academy, a platform-based and efficient way to complete courses in cybersecurity training – and familiarise yourself with the latest cyber threats in the process.
To a significant degree, technology determines our everyday life, which is why cybersecurity is a crucial factor for the success of companies and organisations. Besides leading to financial losses, data breaches can also affect the trust of customers and business partners.
Effective cybersecurity efforts help promote a secure digital world. They not only protect the businesses that implement them, but also their customers, suppliers and other stakeholders.
Are you curious to know what cyber risks you might face and how you can protect yourself and your workforce against them? We at DataGuard are happy to help! Contact one of our information cybersecurity experts today.