As the threat level for cybercrime and cyberattacks has been rising over recent years, auditors across the European Union have been paying increasing attention to the resilience of critical information systems and digital infrastructures. The Audit Compendium on cybersecurity, published today by the Contact Committee of EU supreme audit institutions (SAIs), provides an overview of their relevant audit work in this field.
Cyber incidents may be intentional or unintentional and range from the accidental disclosure of information to attacks on businesses and critical infrastructure, the theft of personal data, or even interference in democratic processes, including elections, and general disinformation campaigns to influence public debates. Cybersecurity was already critical for our societies before COVID-19 hit. But the consequences of the pandemic we are facing will further exacerbate cyber threats. Many business activities and public services have moved from physical offices to teleworking, while ‘fake news’ and conspiracy theories have spread more than ever.
Protecting critical information systems and digital infrastructures against cyberattacks has thus become an ever-growing strategic challenge for the EU and its member states. The question is no longer whether cyberattacks will occur, but how and when they will occur. This concerns us all: individuals, businesses and public authorities.
“The COVID-19 crisis has been testing the economic and social fabric of our societies. Given our dependence on information technology, a ‘cyber crisis’ could well turn out to be the next pandemic“, said European Court of Auditors (ECA) President Klaus-Heiner Lehne. “Seeking digital autonomy and facing challenges posed by cyber threats and external disinformation campaigns will undoubtedly continue to be part of our daily lives and will remain on the political agenda in the next decade. It is therefore essential to raise awareness of recent audit findings on cybersecurity across the EU member states.”
European SAIs have therefore geared up their audit work on cybersecurity recently, with a particular focus on data protection, system readiness for cyberattacks, and the protection of essential public utilities systems. This has to be set in a context in which the EU is aiming to become the world’s safest digital environment. The European Commission and the Union’s High Representative for Foreign Affairs and Security Policy, in fact, have just presented a new EU Cybersecurity Strategy, which aims to bolster Europe’s collective resilience against cyber threats.
The Compendium published on 17 December provides background information on cybersecurity, main strategic initiatives and relevant legal bases in the EU. It also illustrates the main challenges the EU and its member states are facing, such as threats to individual EU citizens´ rights through misuse of personal data, the risk for institutions of not being able to deliver essential public services or facing limited performance following cyberattacks.
The Compendium draws on the results of audits carried out by the ECA and the SAIs of twelve EU member states: Denmark, Estonia, Ireland, France, Latvia, Lithuania, Hungary, the Netherlands, Poland, Portugal, Finland and Sweden.
This audit Compendium is a product of co-operation between the SAIs of the EU and its member states within the framework of the EU Contact Committee. It is designed to be a source of information for everyone interested in this important policy field. It is currently available in English on the EU Contact Committee website, and will later be available in other EU languages.
This is the third edition of the Contact Committee’s Audit Compendium. The first edition on Youth unemployment and the integration of young people into the labour market was published in June 2018. The second on Public health in the EU was issued in December 2019.
The Contact Committee is an autonomous, independent and non-political assembly of the heads of SAIs of the EU and its member states. It provides a forum for discussing and addressing matters of common interest relating to the EU. By strengthening dialogue and co-operation between its members, the Contact Committee contributes to an effective and independent external audit of EU policies and programmes