Security in the digital age: can Europe hack it?

By Cecilia BONEFELD-DAHL, Director-General of DIGITALEUROPE.

Security is like a chain and humans are always the weakest link. If Europe wants to be safe, it cannot tackle

cybersecurity as a purely technological challenge. People should be the focus to improve awareness and skills.

As all things cyber are currently gaining traction amongst world leaders, they need to see the bigger picture and provide adequate incentives to create an enabling and trust- worthy environment.

Cyber-attacks feature at the fifth place amongst the top ten risks to lookout for in 2019.

In 2015, 19% of internet users were discouraged from online purchases because of security concerns.

By 2025, fewer than 10% of internet users should be deterred from online purchases due to safety concerns.

If Europe wishes to patch its vulnerabilities, deeper cooperation and coordination is needed.

“Europe’s leaders should take the responsibility to build trust”

DIGITALEUROPE released its Call to Action for A Stronger Digital Europe 2025 to envision Europe’s next-generation challenges in the digital age.

Trust is fundamentally important as it is the glue that holds relationships together and features as a basic pre-requisite for a well-functioning and engaging democracy.

Together, leaders from the EU, governments and industry can strengthen our common cybersecurity through information-sharing, best practices and a common approach.

Industry plays a vital role in harbouring cybersecurity and a secure infrastructure, and agile partnerships are key to fend off malicious cyber activities across borders.

By 2025, all large European enterprises should have a clear cybersecurity strategy.

Efforts need to be made for SMEs to implement cybersecurity strategies by an additional 20%. In 2015, only 31.6% had formally defined their ICT security policy.

On this matter there is a great variance with 72.1% of large enterprises having done so against only 27.1% of small ones.

“It is time to fill in the gap of cybersecurity professionals”

Everyone has a role to play, from private citizens, micro-enterprises to larger organisations.

Cyber hygiene and awareness are critical to ensure an acceptable level of protection against cyber threats, both at home and at work.

To that end, education and skills form an integral part of the response.

By 2025, Member States, universities and businesses should be training specialists for the most in-demand jobs, including cybersecurity.

Additionally, Europe should strive to invert the increasing gap of cybersecurity professionals that it requires. As of now, the gap is expected to rise to 350,000.

Moreover, there needs to be far more inclusion to diversify the talent pool in the sector.

Cyber threats do not discriminate against their targets and Europe should be able to benefit from the brightest minds to defend itself.

Ideas and initiatives need to be nurtured in a spirit of collaboration through the support of cyber competence centres across the continent.

These valuable networks can federate research and align understandings on future solutions.

Europe should continue to adopt a multi-stakeholder and consensus-based approach to addressing security issues.

As such, a growing number of stakeholders are adhering to the Paris Call for Trust and Security in Cyberspace.

Dialogue is a first yet vital step to promote responsible norms of State behaviour in cyberspace.

Europe has achieved many milestones in integrating cyber issues into its policy-making.

Ever since the adopting of its first cybersecurity strategy, Europe has increasingly adopted ambitious measures to improve Europe’s security.

It is now time for Member States to promptly capitalise on these initiatives and fully implement the NIS Directive.

“Europe must prepare for unified and coordinated responses to cyber incidents”

Relevant labelling schemes and standards on a given product, service or solution could provide basic guidance to users concerning acceptable levels of protection.

Europe’s cybersecurity agency ENISA currently has a solid mandate to ensure harmonised practices and facilitate cooperation with industry.

Businesses across various sectors need clear Code of Conducts to establish an agreeable baseline and complement the reach and scope of GDPR. Indeed, efforts need to be concerted to make GDPR fit for technological change.

Infamous cyber-attacks such as NotPetya and Wannacry have left Europe with a lot to cogitate on.

A unified and coordinated response is what is needed to prepare, adapt and recover from future incidents.

However, human failings in security are nothing new. Almost two centuries ago, Europe witnessed its first major cyber-attack as bankers hacked a mechanical telegraph system.

They bribed tower operators who encoded messages to share market information before it reached their competitors.

It was also apparent legislators had to adapt policy to tackle novel challenges.

Indeed, at the time there were no laws addressing the misuse of data networks, making it hard to convict the Blanc brothers.

Leaders must devise future-proof policies that will allow European people to be safe and prosper.

The ability for organisations to absorb shocks and recover make cyber-resilience the motto of today’s interconnected world.