A briefing paper from the European Court of Auditors highlights “multiple challenges” still present in EU cybersecurity policy.
The paper, aimed at providing a comprehensive overview of cybersecurity challenges in the EU, was compiled based on a documentary review of position papers, official policy documents and studies conducted by third parties; as well as field work including a survey of the national audit offices of Member States and interviews with representatives from the public and private sectors. Its authors describe the overall European policy landscape in the sector as “complex and uneven” and list the most pressing issues facing the development of a comprehensive EU-wide cybersecurity strategy.
The challenges outlined in the briefing paper fall into four main categories:
- The policy and legislative framework, with particular focus on streamlining cybersecurity measures between Member States in a “comprehensive, strategic, coherent and coordinated way” – the authors note that data on this front is patchy and not wholly reliable, with little in the way of quantitative outcome assessment or systematic analysis of policy;
- Funding and spending, described in the paper as “low and fragmented”, with no dedicated funding from the EU budget and no “clear picture” of which schemes receive money or how the allocation of funding is determined;
- Boosting “cyber-resilience” – the report highlights the “the absence of a coherent, international cybersecurity governance framework” across the EU, hindering the global community’s capacity to respond promptly to online attacks. The authors also note a substantial shortfall in skilled cybersecurity professionals worldwide, leading to the need for increased training and awareness raising; and
- Responding effectively to incidents: with the EU elections approaching, the authors express concern over potential online interference in the democratic process, stating that the failure to fully integrate cybersecurity policy across the EU raises the bloc’s risk of suffering “large-scale, cross-border” online security breaches.
The European Court of Auditors’ Baudilio Tomé Muguruza, responsible for the briefing paper, said: “The current challenges posed by cyber threats make this a critical time for the EU to strengthen its cybersecurity and its digital autonomy, while requiring continued commitment to the EU’s core values.”