Making progress on cybersecurity in Europe - Main contents

Today we launched a public-private partnership on cybersecurity that is expected to trigger €1.8 billion of investment by 2020. The EU will support this partnership with €450 million of funding, under its research and innovation programme Horizon 2020. Cybersecurity market players that join the partnership are expected to contribute three times more.

The PPP will include members from national, regional and local public administrations, research centres and academia. One of its main objectives is to build cybersecurity solutions for a range of important sectors, such as energy, health, transport and finance.

Trust and confidence are vital aspects in the digital world. However, cybersecurity incidents cause major economic damage to European businesses and the entire economy every day. They involve theft of commercial secrets and business information, personal data breaches and disruption of services or infrastructure. These result in losses of hundreds of billions of euros each year. According to a recent survey, 80% of companies in Europe have experienced at least one cybersecurity incident over the past year, and the number of security breaches worldwide rose by 38% in 2015 compared to 2014.

Since the adoption of the EU Cybersecurity Strategy in 2013, the European Commission has stepped up its efforts to better protect Europeans online. We have tabled a range of legislative proposals, in particular on network and information security, and earmarked €500 million of EU investment for research and innovation in cybersecurity projects from 2014 till 2020.

Digital threats are constantly evolving and handling a large-scale cyber incident in several Member States simultaneously is a challenge for all of Europe. Only a coordinated reaction, based on cross-border exchange of information, can address such a risk in the most efficient way.

Our recent actions for improving cybersecurity involve another important initiative. This is our new Network and Information Security Directive, which includes setting up a network of computer security response teams across the EU in order to rapidly deal with cyber threats and incidents. The directive will improve the level of national cybersecurity across the EU, which is unevenly developed. One important aspect is a focus on infrastructure: there will be security and reporting obligations for companies managing critical infrastructure in key economic sectors such as energy, transport and banking which use digital networks to provide their services. Similar obligations will apply to key digital service providers.

Although industry can cope with individual vulnerabilities and threats, this is costly and inefficient when faced with an ever-increasing multitude of risks that are in many cases international and by definition affect more than one European country.

Working together in Europe on improving cybersecurity clearly makes more sense than working in isolation. This will help building the essential level of trust and confidence in the European digital economy and society.