- 48 publicly known attacks against European energy and supply companies
- 31 Ransomware attack, with almost half including data theft
- 15 attacks affecting networks’ operational technology
Out of all geographical targets, attacks to EU countries rose from 9,8% to 46,5% during the first six months in 2023. Globally, 61% of all recorded cyber attacks came from Russia in 2023. The World Economic Forum lists cyber insecurity as the fourth most severe risk in the coming two years.
Eurelectric calls on policymakers to:
1. Foster a skilled workforce and facilitate investments
The EU energy sector, together with the banking sector, is investing more in information security measures compared to sectors like healthcare, transport and drinking water utilities. Globally, however, the EU is investing less in information security than North America and Asia Pacific. National regulatory frameworks must acknowledge and adequately reward the increased costs arising from cybersecurity measures and compliance of all cyber legislations.
Enhancing our ICT systems also requires skilled workforce. The EC estimated the shortage of cybersecurity professionals in all sectors in the EU ranged between 260,000 and 500,000, while the EU’s cybersecurity workforce needs were estimated at 883,000 professionals. Eurelectric welcomes the implemented Skills Academy to address this issue.
2. Allow time for implementation – avoid new regulation unless absolutely necessary
During the past EU legislative term at least seven pieces of cybersecurity legislation were published or proposed, including: the Directive on security of Network and Information System (NIS Directive) whose transposal started this October, amendments to the Cybersecurity Act, the Cyber Resilience act (CRA), the Cyber Solidarity Act (CSA) and the Network Code on Cyber Security (NCCS). The sector now needs time to fully implement the new framework. Additional regulations should only be developed or changed in case of a specific need that the sector does not cover and cannot implement alone.
3. Put cybersecurity at the top of the agenda by improving collaboration
A chain is as strong as its weakest link. EU-wide legislation – such as the NIS 2 directive and network code on cyber – needs to be implemented and coordinated in an efficient way by Member States. To further enhance collaboration, a mapping of the different EU enforcement mechanisms and agencies should be conducted to clarify the different roles that each body plays.
Read the paper
Make sure to check our full paper here.
Source – Eurelectric