Is Europe prepared for cyberattacks?
Europe included cybersecurity as one of its priorities at the European Council meeting in June. Some 69 percent of European companies lack basic knowledge about their exposure to cyberattacks despite 80 percent of them having suffered some type of cyber-incident in the past year. With this in mind, the European Parliamentary Financial Service Forum (EPFSF) organized a session in the European Parliament for cybersecurity experts to suggest ideas for facing the risks on the internet.
The European Union has taken a few steps but the road ahead is long. That is the conclusion that can be drawn from this forum on cybersecurity held in Brussels. On the positive side, we have, for example, the new regulations on data privacy.
In the past few months a number of European Union regulations have come into effect that look to enhance the levels of security on the internet. The General Data Protection Regulation (GDPR), which increases protection for personal data, and the Network and Information Security (NIS) Directive, which aims to improve security in information networks and systems, are two examples of this.
“Regulations such as the GDPR and NIS are major steps in promoting the right use of security and privacy in Member States”, Álvaro Garrido, head of cybersecurity at BBVA, said in remarks to the conference.
This session held at the European Parliament was moderated by MEP Mady Delvaux and attended by representatives of BBVA, Intesa Sanpaolo, Zurich, Axa, Deloitte, the European Banking Federation and the European Consumer Organisation.
The European financial sector in the face of cybersecurity
The European financial sector now faces a series of cybersecurity challenges after the approval of several rules: the GDPR and the NIS Directive (in effect since August 2016 and pending implementation by Member States); the PSD2, which governs payment systems; and the DAS, which establishes a common legal framework for electronic signatures in the European Union.
On this matter, BBVA’s Garrido said there are currently challenges in the operational area such as crisis management, which requires more effective and efficient coordination.
He called for a joint response at a national and international level, which should be developed with new legislative tools. Panelists also agreed on the need to improve the education of the public that uses digital services, as well as to find and hold onto the talent needed by companies in the field of cybersecurity.
Cybersecurity on the European regulatory agenda
European lawmakers are moving in the right direction by taking on board cybersecurity as a priority. However, the panelists at the forum believe concrete operative measures should be drawn up and aspects of the regulatory framework clarified more quickly to increase the ability of the financial sector to ward off cyberattacks.
The European Union undeniably wants to reinforce regulations on cybersecurity within its target of creating a single EU digital market. The European Council at its June 19-20 meeting approved the creation of a pan-EU certification framework in the area of information technology and communication as well as a permanent Computer Emergency Response Team.
Prior to that, in September 2017, the European Commission proposed a package of measures based on the previous EU cybersecurity strategy and its basic pillar, the NIS Directive on the security of information networks and systems.
These proposals included the creation of a stronger EU cybersecurity agency, the introduction of a pan-EU cybersecurity certification scheme and the rapid implementation of the NIS Directive. Later, in October of the same year, the Telecommunications Council agreed an action plan to overhaul cybersecurity within the EU.
The ECB aims to help financial institutions face up to these attacks, and to this end it launched in May 2018 a new tool that simulates cyberattacks on banks, stock exchanges and other companies fundamental to the working of the financial system, Reuters reported. The objective of the ECB is to create a single framework to test the cyber-resistance of financial companies in the European Union.