In a significant move toward bolstering the European Union’s defenses against cyber threats, Roberto Viola, the Director-General of the European Commission’s digital unit, emphasized the urgent need for enhanced cybersecurity measures. Speaking at a Brussels conference post the June EU elections, Viola highlighted the relatively lower incidence of ransom attacks in Europe compared to other regions. Despite this, he pointed out a critical requirement: “We need to invest in cybersecurity. We need to double our investments, as a minimum,” Viola asserted.
This call to action comes in the wake of the European Commission earmarking a notable €214 million for cybersecurity in 2024, aimed at strengthening the Union’s collective resilience against cyber threats. This funding, part of a broader work programme, will be implemented by the European Cybersecurity Competence Centre located in Bucharest. Such measures underscore the EU’s commitment to elevating its cybersecurity infrastructure, especially under the forthcoming mandate of the next European Commission.
During the tenure of the current Von der Leyen Commission, significant strides have been made in the realm of cybersecurity. Proposals such as the update of the Network and Information Security Directive (NIS2) and the recently approved Cyber Resilience Act have laid a solid groundwork for future efforts. Furthermore, both lawmakers and national governments have recently endorsed measures to enhance collective responses to cyber threats through the establishment of an EU-wide infrastructure, complete with cyber hubs spread across the bloc.
However, as Despina Spanou, Chief of Cabinet of EU Security Commissioner Margaritis Schinas, noted at the same Forum Europe event, the journey is far from over. With new legislation in place, the focus must now shift to effective implementation. “There is still much to do in terms of new legislation, but we have a challenge with implementation. NIS 2 is already immense, and the Cyber Resilience Act is demanding as well,” Spanou remarked.
The NIS2 directive, which member states are required to incorporate into national law by 17 October this year, is aimed at safeguarding critical infrastructures including energy, transport, banking, water, and digital services. The urgency of these measures is underscored by the escalating cyber threats, as highlighted by Florian Pennings, Microsoft’s Director of European Cybersecurity Policy. Citing data, Pennings pointed out that 70% of organisations targeted by cyber attacks have fewer than 500 employees, emphasizing the widespread risk and the potential for AI-powered solutions to enhance decision-making speeds in response to threats.
The European Union’s concerted efforts to double down on cybersecurity investments are not merely a response to current threats but a proactive measure to safeguard its digital infrastructure and the economy at large. As the EU prepares for the challenges ahead, the focus on implementation and the effective utilization of allocated resources will be crucial in ensuring a resilient and secure digital future for all member states.
