A new report from anti-piracy body the Business Software Alliance has highlighted worrying gaps in national cyber security protection across Europe and called for a greater focus on building legal and policy frameworks and public-private partnerships within member states.
The report, EU Cybersecurity Dashboard: A Path to a Secure European Cyberspace, analyses the current state of play in all 28 member states against a pre-determined criteria for cyber security best practice.
It found that while most nations prioritized cyber security, especially when it came to CNI, there were large discrepancies from country to country regarding policies, legal frameworks and operational capabilities.
Systemic co-operation between public and private sector organizations on security was also lacking, it warned.
The UK was praised for having a comprehensive cyber security strategy, launched in 2011; a strong legal framework; two CERTs; a National Security Council; and the Office of Cyber Security and Information Assurance to support it.
However, BSA EMEA director of government affairs, Thomas Boué, told Infosecurity that there were still areas for improvement here, specifically in introducing legislation to mandate each agency has a CIO or CSO; to force the reporting of cyber security incidents; and to require an annual cyber security audit.
“The UK Cyber Security Strategy acknowledges the ease and benefits of continuous monitoring of data with relation to digitization, however, a specific auditing process and the frequency with which it should be carried out is not detailed,” he added.
“The UK could also do more work on sector-specific cybersecurity policies, including implementing sector-specific cybersecurity risk assessments.”
It’s hoped that the forthcoming Network and Information Securty (NIS) directive will help level the playing field across Europe when it comes to cyber preparedness and harmonize reporting and information sharing.
However, in a recent FireEye study one third of IT decision makers across Europe said they don’t fully understand the implications of the coming laws, while over 40% said they had received little guidance on the directive.
That could be because the EU is still fleshing out the details of NIS, which could land as early as next year.