The Joint Research Centre (JRC), the European Commission's in-house scientific service, published on Friday 24 July an analysis of the challenges and issues surrounding cybersecurity, including the idea of legislating to hold companies accountable for breaches of their cybersecurity obligations.
Entitled ‘Cybersecurity: our digital anchor. A European perspective’, this more than 100-page document examines the growth of cybersecurity over the past 40 years and identifies areas where the EU could improve.
A cost estimated at 5.5 trillion euros
It argues that in the digital age, a paradigm shift is needed to make cyber security “more proactive and better linked to the needs of society”. “Cybersecurity is evolving from a technological ‘option’ to a societal must”, it argues, stressing that it is now a matter of national security.
According to some projections put forward by the report, cybercrime will cost 5.5 trillion euros worldwide by the end of 2020, compared to 2.7 trillion euros in 2015. This increase is due in part to the exploitation of the Covid-19 pandemic by cyber criminals. This figure, the report notes, represents the largest transfer of economic wealth in history, more profitable than the global trade in all major illegal drugs combined.
A regulation on liability
The report addresses relevant issues, including critical infrastructure, the scale of impact, complexity and duration of attacks, often detected after the fact, and the societal aspects of cyber threats.
It concludes by presenting a series of possible actions that contribute to building a European digital society that is secure from the start. It mentioned, in particular, the idea of holding companies liable for breaches of their cybersecurity obligations through liability legislation. However, it notes that the implementation of such legislation would be a real challenge.
Other ideas include more transparent reporting of cyber incidents, better coordination of funding for cybersecurity research, and a common culture of collaboration on cybersecurity. It also calls for the improvement of cyber security skills, starting in school, so that everyone becomes familiar with these concepts and to train a workforce that is highly sought after by companies. See the report: https://bit.ly/3f1EyFd (Original version in French by Sophie Petitjean)