News

Brussels, 19 September 2017

Questions and answers

Why does the EU need to take action on cybersecurity?

Since 2013, the technological and security landscape in the European Union has changed at a very fast pace. Digital technologies are now an integral part of our daily life and the backbone of our economy. The Internet of Things revolution has become a reality, with tens of billions of devices expected to be connected to the Internet by 2020. At the same time the number and diversity of cyber threats is continuously growing. With the recent ransomware attacks, a dramatic rise in cyber-criminal activity, state actors increasingly using cyber tools to meet their geopolitical goals and the diversification of cybersecurity incidents, the EU needs to be more resilient to cyber- attacks and create effective cyber deterrence, including through criminal law, to better protect Europe's citizens, businesses and public institutions. As announced in President Juncker's State of the Union address on 13 September, the Commission and the High Representative are therefore today proposing to reinforce the EU's resilience and response to cyber-attacks by strengthening the European Union Agency for Network and Information Security (ENISA), creating an EU-wide cybersecurity certification framework, a Blueprint for how to respond to large-scale cybersecurity incidents and crises, and a European Cybersecurity Research and Competence Centre. Today's proposals also include a new Directive on the combatting of fraud and counterfeiting of non-cash means of payment to provide for a more efficient criminal law response to cyber–attacks, as well as a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities and measures to strengthen international cooperation on cybersecurity.

This wide-ranging cyber security package builds on existing instruments and presents new initiatives to further improve EU cyber resilience and response in three key areas:

• Building EU resilience to cyber-attacks and stepping up the EU's cybersecurity capacity
• Creating an effective criminal law response
• Strengthening global stability through international cooperation

Facts and Figures

The scale of the problem makes the need to act even more urgent. Recent figures show that digital threats are evolving fast: since the beginning of 2016, more than 4,000 ransomware attacks have occurred worldwide every day, a 300% increase since 2015, while 80% of European companies have been affected last year. Studies suggest that the economic impact of cybercrime rose fivefold from 2013 to 2017, and could further rise by a factor of four by 2019. Ransomware has seen a particular increase, with the recent attacks reflecting a dramatic rise in cyber-criminal activity. However, ransomware is far from the only threat. An increasing number of Europeans also see cyber-crime as an important threat for the European Union, according to a Eurobarometer survey. 87% of respondents regard cyber-crime as an important challenge to the EU's internal security and a majority are concerned about being victims of various forms of cybercrime, with the largest proportions concerned about discovering malicious software on their device (69%), identity theft (69%) and bank card and online banking fraud (66%). The two most common concerns about online payments are the misuse of personal data, identified by 45% percent of respondents, and the security of the transaction itself, with 42%. This has prompted many to act to better ensure their security online, with 62% having changed their passwords over the past six months and 45% having installed anti-virus software. However, some have even stopped conducting online transactions with 12% having reduced their online purchases and 10% having opted out of online banking.