Cybersecurity has an incredibly important and rapidly growing role in Europe. Securing network and information systems in the European Union is absolutely necessary in order to keep the online economy running, which is hugely and increasingly important. The EU has been emphasizing the importance of this and directing a lot of resources toward cybersecurity. It has raised the capabilities of the Member States and has implemented the international cooperation on cybersecurity and cybercrime.
Cybersecurity is a highly dynamic industry which has changed massively in recent years. The traditional approach of focusing on the most crucial system components and protecting against the biggest known threats is completely insufficient in the current environment. The threat now advances and changes faster than we can keep up with it. To deal with the current environment, we need more proactive and adaptive approaches, and strategies which emphasize continuous monitoring and real-time assessments. Threats online can have serious implications not only for effects on businesses but also governments and whole countries. The uptick in ransomware recently, following the leaking and subsequent weaponization of NSA hacking tools, was a huge blow to many companies, and an attack on the British NHS meant some operations were canceled at put real lives at risk. The cancellation of hundreds of British Airways flights due to an IT meltdown is estimated to have cost them at least £80million. Though this wasn’t due to an attack, it shows how important infrastructure is to firms and the very expensive effects it can have when it isn’t running. Recent cyberattacks on the Ukraine have shown countries are vulnerable too, and as infrastructure systems—electricity, water, transportation, etc.– become more automated, the greater risk associated with cyberattacks can have on shutting down whole aspects of a country’s operations.
External cyber-attacks are not the only threat companies face. IBM found, in their 2016 Cyber Security Intelligence Index, that 60% of all attacks were carried out by insiders. A quarter of these attacks were unintentional on behalf of the actors who enabled them, but three-quarters involved malicious intent. Smaller businesses are uniquely vulnerable to IT security breaches because they may lack the more sophisticated intrusion detection and monitoring systems used by large enterprises, IBM Security research also found that health care, manufacturing, and financial services and the top three industries targeted by cyber-attacks because of their personal data, intellectual property, and financial assets, respectively. The 2013 cyber-attack on Target, where Russian thieves left the company with a potential loss of $420 million and affected 70 million customers, was made possible by an unwitting vendor—an insider—had authorized access to Target’s computers. While all businesses have their differences in size and industry, they all have people working for them; and, each one of whom has the potential to be an insider threat.
The growing importance and complexity of the cyber threats against European businesses and governments mean that there is huge and potentially lucrative demand for the cybersecurity industry. The cybersecurity market is one of the fastest growing markets in the ICT sector. The European cybersecurity market alone was worth $22billion in 2016 and is expected to grow at 8% p.a. to 2018, driven predominantly by increasing spend on services. Europe urgently needs high-quality, affordable and interoperable cybersecurity products and solutions.
European institutions are responding to these risks and needs, and are supportive of cybersecurity efforts. The Commission in the Field of Cybersecurity is dedicated to increasing cybersecurity capabilities and cooperation, making the EU a strong player in cybersecurity, and mainstreaming cybersecurity EU policies. The commission recognizes the potential of the Digital Single Market, which could boost the EU economy by almost €415 billion per year and create hundreds of thousands of new jobs. However, trust and confidence by Europeans needs to be established in order for new connected technologies and services to take off. In order to do just that, and move towards this Digital Single Market, the Euroepan Commission announced on July 5th, 2016 the launch of a cPPP—the contractual Public-Private Partnership on cybersecurity—to enhance industrial capabilities in Europe. The partnership hopes to encourage cooperation between public and private actors at early stages of the research and innovation process in order to allow people in Europe to access innovative and trustworthy European solutions. It also aims to stimulate the cybersecurity industry, by aligning demand and supply sectors and therefore allowing industry to elicit future requirements from end-users. The EU will invest up to €450 million in this partnership and consequently the cybersecurity market players are expected to invest three times more.
With the support of institutions and high demand for new innovative solutions, the cybersecurity industry is poised to grow enormously for the foreseeable future. The more we automate and the more information we automate, the greater risk we face for attacks from both inside and outside of our companies. Those who can add value to it, stand to gain enormous wealth. This leaves opportunities open for innovative digital minds, not only to earn huge sums of money, but also to make a undeniable impact.