How is the European Union dealing with an evolving cybersecurity landscape?

Cyberattacks have targeted the critical infrastructure of Member States in the European Union almost every month. Attackers only need seconds to exploit a vulnerability, while an entire industry may wait days or months for a patch to be released. To protect our data and communication and ensure a safe digital future, the European Union must address the fragmentation of the cybersecurity landscape and bring together efforts, knowledge, and expertise. By promoting strategies, policies, investments, initiatives, and projects, Europe aims to become more resilient and prepared for cyber threats.

In 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy released the Cybersecurity Strategy. The strategy aims to build collective capabilities and respond to significant cyberattacks, working with partners worldwide to ensure international security and stability in cyberspace. Taking a more active role, organisations like ENISA (the European Union Agency for Cybersecurity) are working to support Member States, EU institutions, and businesses in cybersecurity.

Regarding investment, cybersecurity is one of Europe’s top priorities following the coronavirus crisis. It has been included in the Recovery Plan for Europe and InvestEU. Additionally, there has been direct support for research and innovation projects through funding programs such as Horizon 2020, Horizon Europe, and the Digital Europe Programme for 2021-2027. Under the Digital Europe Programme, €1.9 billion has been invested in cybersecurity capacity, aiming for the widespread deployment of cybersecurity infrastructures and tools across the EU for public administrations, businesses, and individuals.

Despite these active efforts regarding capacity building, the latest report by ENISA in May 2024 revealed an increasing need for more cyber skills. The report highlighted a need for more awareness at 74%, hiring difficulties at 45%, lack of qualifications and certification at 76%, and issues related to diversity and inclusion at 70%. The EU Cybersecurity Skills Academy, launched as part of the European Year of Skills, pools together private and public initiatives at European and national levels to address the gap in the cybersecurity workforce. To overcome the underrepresentation of women in cybersecurity, the Commission sets up the Women4Cyber Registry, a space of cooperation and visibility for them.

In addition to upskilling Europe, we need the means to connect experts and coordinate European efforts. In response, the Cybersecurity Competence Centre and Network was established to consolidate expertise and coordinate European development and implementation of cybersecurity technology. By collaborating with industry, academia, and other stakeholders, the institution is focused on supporting projects like COcyber.

The COcyber project aims to improve collaboration between military and civilian cybersecurity communities at the European Union and Member States levels under the EU Cyber Defence Policy. This policy addresses the deteriorating security environment following Russia's aggression against Ukraine and is willing to boost the EU's capacity to protect its citizens and infrastructure. In a two-year journey, our mission, funded under the Digital Europe Programme of the European Union, will be to influence and shape cybersecurity policies at the EU level to promote cooperation. This value is at the core of its five partners: industry, academia, and network. organisations. To achieve this, we will notably identify best practices and four case studies to enhance collaboration between the civilian and defence sectors.