The EU’s Cybersecurity Strategy 2020: Current cybersecurity situation requires holistic approach
A high degree of cyber-resilience is a prerequisite for the effective functioning of highly digitised processes, networkable products and services. This is because the damage caused by cybersecurity incidents is tremendous, both in the private sector and in industry. Current estimates suggest that in 2021, the annual global costs arising from cybercrime and state-motivated cyberattacks will amount to six trillion US dollars. This would be a doubling of the damage estimated for 2015.[1]
Both companies and households are increasingly targeted by cybercriminals. Last year alone, sabotage, data theft and espionage are estimated to have caused 223 billion euros of damage to German industry,[2] compared with roughly 110 billion euros in 2019.[3] Almost every single German company has experienced a cyberattack over the past years, often involving phishing, DDoS attacks or infection with various types of malware, that caused damage to its business operations. The damage to private households is much more difficult to quantify, as cybercrime often goes unreported and the damage cannot always be directly linked to an incident. The reasons for successful cyberattacks are also extremely diverse and are by no means solely due to characteristics inherent to products (hardware and software). Rather, careless handling of data, a lack of knowledge about potential attack vectors, and a lack of willingness to install updates all contribute significantly to the success of cybercriminals.
The potential threat of cyberattacks is unlikely to diminish. As our daily lives become smarter, i.e. more digital and thus more networked, the potential target for cybercriminals is growing immensely. According to current estimates, the number of networked objects worldwide is expected to rise to 125 billion by 2030. This compares to 27 billion networked objects in 2017.[4] By 2022, every German will own about 9.7 networked devices.[5] The advancing spread of digital technologies is creating a wide range of new opportunities for both private and commercial user groups, while simultaneously opening up new attack vectors that can potentially be exploited by criminals.
Therefore, German industry welcomes the EU Commission’s holistic approach adopted in the EU’s Cybersecurity Strategy 2020. Hence, the NIS 2-Directive[6] can only be a first step towards enhancing the EU-wide level of cyber-resilience. It should be swiftly accompanied by horizontal cybersecurity requirements based on the New Legislative Frameworks. To this end, we appreciate the European Commission’s announcement that it will introduce cybersecurity requirements for IoT devices outside the NIS 2-Directive. Together with DIN and DKE, the Federation of German Industries developed a proposal for how the cyber-resilience of products and services could be strengthened.[7] At the same time, it remains of utmost importance that governments refrain from holding back knowledge concerning vulnerabilities or from calling for measures that will weaken encryption.
[1] Cybersecurityventures. 2018. Cybercrime Damages $6 Trillion By 2021. URL: https://cybersecurityventures.com/cybercrimedamages-6-trillion-by-2021/
[2] Bitkom. 2021. Wirtschaftsschutz 2021. URL: https://www.bitkom.org/sites/default/files/2021-08/bitkom-slides-wirtschaftsschutz-cybercrime-05-08-2021.pdf
[3] Bitkom. 2019. Wirtschaftsschutz in der digitalen Welt. URL: https://www.bitkom.org/sites/default/files/201911/bitkom_wirtschaftsschutz_2019_0.pdf
[4] IHS Markit. 2017. The Internet of Things: A movement not a market. URL: https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
[5] CISCO. 2019. Visual Networking Index: Forecast Highlights Tool. URL: https://www.cisco.com/c/m/en_us/solutions/serviceprovider/vni-forecast-highlights.html#
[6] Cf. Eurlex. 2020. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 (COM/2020/823) final. URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52020PC0823
[7] Cf. BDI, DIN, DKE. 2021. EU-wide Cybersecurity Requirements. URL: https://english.bdi.eu/publication/news/eu-wide-cybersecurity-requirements/