Cyber security is becoming inevitable topic of discussions in a rapidly evolving digital era. The latest WannaCry cyber-attack has once again taught us, how costly such form of a crime can be. Moreover, these types of incidents know no national boundaries, affect globally and digitally. Have we done enough to brace ourselves against such attacks? Are there enough awareness and preventive tools? It is our wake-up call; hence we must act now and fast.

We have managed to convince EU Member States to accept a mandatory cooperation mechanisms on cyber-security. The General Data Protection Regulation (GDPR) I followed closely and the Network and Information Security Directive (NIS) I was directly involved in, are in the implementation stage. However, cybersecurity policy in the EU should not begin and end with these legislative acts. It is about time to focus on a strong cooperation between EU governments and seriously consider the idea of a cyber-defence resilience. Moreover, transparency and ongoing implementation of the directive should ensure to improve the ability of the Member States to prevent, avoid and/or ease the response to cyber-attacks. We must take this threat seriously at Governmental and individual level.

Stimulating awareness

According to a Cyber-Risk Survey[1] (2016), just 31% of organisations have a full and comprehensive understanding of the present cyber risk. This is surprisingly little. The example of the Wannacry attack shows that these cyber-attacks do not respect national borders. It infected computers in over 150 countries. The security of a technological devices itself does not make it immune to attacks and it remains vulnerable through its interconnectedness with other global networks. Hence, we must think globally. I argue that it is critical for the governments and companies around the world to not only see the opportunities, but also calculate the risk inherent to our digital age.

We must raise awareness and educate leaders from different backgrounds. We need to ensure that governmental Representatives, CEOs, CIOs and board members understand that cybersecurity is not simply an IT issue, but a business and governmental issue. It is a national issue affecting everyone individually. I invite governments to foster shared comprehension of these existential threats by firstly developing a common language, to establish a regular communication on the topic. Promote an understanding that everyone, who is online when watching the news or using an online banking system is vulnerable to cybercriminals. In this context, I would like to mention #SWITCH, which is the largest ICT and entrepreneurship event in the Baltics, taking place in Kaunas, Lithuania in September. I have invited senior cybersecurity experts and EU governmental representatives to share best practises and discuss about the best cyber risk management models.

Prevention better than cure?

A Lithuanian proverb states the obvious: it is easier to stop something from happening in the first place, instead of repairing the damage after it has happened. However, here I see an analogy to the sports industry. Cybercriminals can be compared to the producers of doping products. They will always be ahead of those, who are fighting against them. They are faster and more adaptable and due to the high profits always ahead of the game. The others are constantly in the defensive and solely reacting, instead of developing a pro-active and comprehensive plan. Given the rise in volume, sophistication, and automation of the attacks, a focus on preventing them is needed. According to the survey, companies that consider cyber risks a top five risk increased from 19% in 2015 to 32% in 2016. Great! Let’s keep this pace and start with the most vulnerable sector, much depending on IT systems, for example online platforms. The NIS directive gives a green light for systematic and common preventive work, reactive cyber threat or attack management. Preventing cyber-attacks is part of a holistic approach to cybersecurity risk management. Moreover, European Governments and EU institutions should invest more in prevention to protect their own IT system and networks. The private industry should lead by good example and should be the no. 1 partner.

Hand in hand with business

Cybersecurity sector is very young and opportunities for growth are limitless. We, citizens want to secure our private data as well as large multinational organisations want to secure their business secrets. When I am asked, where to invest to be successful, I always say – the best investment – in the growing sector. Businesses should open their eyes wide and look for the niche. The governments meanwhile, should give and ensure businesses an opportunity to share ideas, expertise and participate in Europe’s cybersecurity-related policy development and implementation. Their participation can help ensure that policies are workable and meet the needs of businesses and citizens. Cooperative work could also encourage a greater voluntary sharing of information on cyberattacks, cybercriminal motivations, and the tactics of malicious criminals. Together with FERMA and ECIIA on 29th June at the European Parliament I organize a cybersecurity conference. We will present and discuss the proposed guidance and what other improvements can be done in the field.

Finally, cyber-attacks are the biggest threats of the digital age against which we need to fight using our intelligence. To improve the lives of our citizens we need to think out of the box and implement new strategies. Countries have armies, navies, air force, but when was the last time any EU member had to defend their borders and use their physical defence tools? Perhaps it’s about time to seriously think of the cyber defence forces? Which I think is currently needed as never.

[1] Marsh Continental European study