Raising the game in European cybersecurity

It's probably fair to say that Covid has pushed cybersecurity to the top of the corporate agenda. Indeed, recent data from PwC suggests that an incredible 91% of UK CEOs are concerned about the threat cybersecurity poses to their business.

“As the criticality of technology has increased over the past year, so have UK CEOs’ fears of cybersecurity threats. This heightened concern is understandable as the stakes are so much higher than they were 12 months ago. Businesses have become more aware of how reliant on technology they are for their very survival, and as such the risk of cybersecurity attacks naturally weighs more heavily on their minds," says Chris Gaines, Cyber Security Leader, PwC UK.

“The technological changes implemented over the past 12 months have not only been across businesses, but also society, and many were implemented in haste. Risk-averse organizations who in different times may have taken years to plan for increased remote working made the change overnight. Organizations must now effectively, securely embed such changes while continuing to evolve and innovate.”

A growing market

It's perhaps no surprise, therefore, that data from Atlas VPN reveals that UK-based cybersecurity firms saw revenue grow by 7% in the last year, with firms raking in an impressive £8.88 billion during 2020.

There are also growing signs that policymakers are taking cybersecurity more seriously. For instance, in 2019 a briefing paper was produced by the European Court of Auditors in which warnings were raised about the lack of coordination in the cybersecurity space and a general sense of fragmentation. This echoed warnings made by the European Commission in 2018, which highlighted over 660 different centers of excellence in cybersecurity spread across the EU.

While there is clearly considerable activity at the national level, there were concerns that this activity was taking place in a haphazard and uncoordinated way. This was compounded by the lack of a central budget to fund any cybersecurity activities at the EU level.

To try and address this, a European Cybersecurity Competence Network has been established, whose aim is “to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market; and to strengthen and sustain Europe’s cybersecurity competence, placing Europe in a leading position in the cybersecurity marketplace.”

Leveraging strengths

The project leverages the Horizon2020 program and will finance a number of pilot projects with an initial budget of €64 million. The Commission then announced further measures at the back end of 2020, with the launch of a brand new Cybersecurity Strategy, which aims to enhance the resilience against cyber threats across Europe, therefore helping both citizens and businesses deal confidently using digital tools and services.

Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age, said: "Europe is committed to the digital transformation of our society and economy. So we need to support it with unprecedented levels of investment. The digital transformation is accelerating, but can only succeed if people and businesses can trust that the connected products and services - on which they rely – are secure."

This will see a quadrupling of previous levels of investment, and indeed will ensure that cybersecurity is integrated into all future digital investments made by the Commission. In total, they’ve committed to investing over €300 million themselves, with encouragement given to member states to contribute themselves to the strategy in a range of public-private and cross-border projects.

Developing a cyber shield

At the same time, a political agreement was reached between the EU Parliament and Council to establish both the Network of National Coordination Centres (the Network) and the European Cybersecurity Industrial, Technology and Research Competence Centre (the Centre). They also identified a Cybersecurity Competence Community, with all three prongs of the strategy set to come online during 2021.

The Centre will be located in Budapest and be responsible for coordinating both the Community and the Network. It will be tasked with procuring the latest cybersecurity technology and supporting cutting-edge research and innovation in the field. The community consists of participants and stakeholders from academia, industry, and the public sector.

The hope is that as the strategy begins to come together during 2021 that Europe’s cybersecurity strategy will become more coordinated and coherent, therefore providing a more robust defense against the growing threats faced by the world today. This increased risk is reflected in the significantly increased budget for cybersecurity activities, but it obviously remains to be seen both how effectively this money is spent and how the numerous bodies work together. In terms of the direction of focus, however, it can only be viewed positively.