European Union Agency for Network and Information Security

Cyber Insurance: A look at recent advances, good practices and challenges by ENISA

Mon, 11/07/2016 - 08:51

The aim of the report is to raise awareness of the most impactful market advances, by briefly identifying the most significant cyber insurance developments of the past four years – from 2012 to 2016 – and to capture the good practices and challenges during the early stages of the cyber insurance lifecycle, i.e. before an actual policy is signed, laying the ground for future work in the area.

Member States, understanding the importance of addressing cyber-risk, have taken relevant action by publishing guides of good cyber-hygiene[1] [2]. Insurance federations have also shown a great interest in cyber-insurance, with actions taking place both at the European and national level.

A rising concern among a number of insurers is found to be the uncertainty around accumulating risk[3]. A subset of key recommendations, for the betterment of the cyber insurance constituency, to policy makers, insurance companies, and future customers include:

  • To policy makers: avoid the introduction of mandatory requirements that might undermine the cyber-insurance market adoption rate
  • To insurance companies: a) consider adopting common standards and methodologies, b) introduce explanatory sessions, and provide customer scenarios and generic examples of policy coverage and c) clarify the policy language and offer a transparent underwriting process
  • To cyber insurance customers: get informed, prepare and document the environment before requesting a cyber-insurance policy.

The report is targeted primarily at insurance companies, to either benchmark themselves against the market trends, or evaluate good practices before entering the market. Additional beneficiaries are customers interested in adopting a cyber insurance policy. Founded to address residual risk, the cyber insurance market is anticipating a growth in both technological and sales volume terms; a growth that is expected to be further accelerated by the legislative additions of the GDPR and NIS Directive.

 

Full report is available here


For interviews and press enquiries please contact press@enisa.europa.eu  

[1] France, ANSSI “40 essential measures for a healthy network” http://bit.ly/2dr6nbA

[2] United Kingdom, Department for Business, Energy & Industrial Strategy “Cyber essentials scheme: overview” http://bit.ly/1hkkmdz

[3] For example, in the event that an incident would occur an insurer cannot be certain about the number of customers that would be affected.


 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Cyber Security Assessment Netherlands 2016 published

Thu, 11/03/2016 - 16:50

The Cyber Security Assessment Netherlands (CSAN) is published annually by the Dutch National Cyber Security Centre and drawn up in close collaboration between public and private parties. The aim is to offer insight into developments, interests, threats and resilience in the field of cyber security over the period from May 2015 to April 2016. Every edition is translated into English, in order to facilitate knowledge transfer to our partners.

In the context of the growing threats in the digital domain, there are four notable developments in the CSAN 2016:

  • Professional criminals carry out long-lasting and high-quality operations
  • Digital economic espionage by foreign intelligence services puts a strain on the competitiveness of the Netherlands
  • Ransomware is commonplace and has become even more advanced
  • Advertising networks have not yet shown the ability to cope with malvertising

Last year there was an increase in actual cyber threats.


According to State Secretary Dijkhoff, the findings from the CSAN 2016 are worrisome: "These developments have implications for the whole of the Netherlands and lead to direct action. Through the National Detection Network, the government and the business community keep each other informed about current threats. In the coming period, I am going to put extra effort into this digital dike monitoring. We have to be realistic: no one person can oversee everything all the time. Therefore, the government and society must work together to keep our online world safe. The basis is knowing where vulnerabilities are, sharing that information and then 'closing down the gaps.' "

You can now download the English translation of the Cyber Security Assessment Netherlands 2016 at our website.

 


ENISA’s support to EU and National strategies for information security presented at IT workshop

Fri, 10/28/2016 - 15:45

ENISA’s efforts focus on supporting Member States in the area of National Cyber Security Strategies, CIIP, capacity building and the security of emerging technologies. Furthermore, insight was offered into the NIS Directive and how it translates for industry, namely for Digital Services Providers (DSPs) and Essential Service Operators (ESOs) in the relevant sectors (energy, banking, healthcare and transport), with regard to incident reporting.

In addition, ENISA supports capacity building in the EU through cyber exercises and trainings, such as the recently implemented Cyber Europe 2016.

In his presentation Paulo Empadinhas stressed “within this evolving environment collaboration is everything. Failure to detect threats is often more costly than false alarms, while cyber-attacks have become a norm. Member States with the support from ENISA should cooperate to protect critical information infrastructures through sharing of information, developing and deploying good practices and cooperate with National Regulatory Authorities to achieve EU wide harmonisation”.

 

For more information on the event: http://www.scholze-simmel.at/starbus/ws10/

 

 

 


DSiN ten-year congress: “Security derives from responsibility”

Thu, 10/27/2016 - 15:09

Prof. Udo Helmbrecht, Executive Director of the European Union Agency for Network and Information Security (ENISA) and member of DSiN’s advisory board participated at the ten year anniversary conference of  ‘Deutschland sicher im Netz e.V.’(DSiN). Dr Thomas Kremer (DSiN Chairman) delivered the welcome speech and Dr Thomas de Maizière, (Federal Minister of the Interior) spoke on the principle of "Security derives from responsibility".

Helmbrecht, together with representatives from government and industry, was among the panel speakers on the “Triangle for IT security - regulation, technology, education”. Panellists discussed the increasing digitisation which is transforming into a core foundation for business, society and government, while looking into the challenges this brings to the legal framework, the security of services and devices (PbD), and citizens’ e-skills and awareness of the digital environment. The underlying notion of the associated responsibility, and the importance of trust and safety, was a key part of the discussion.

Udo Helmbrecht highlighted “the latest initiatives of the European Commission, notably the NIS Directive and the GDPR,  can contribute towards addressing key technical challenges and act as a tool to build trust and a more resilient environment for businesses and citizens”. His recommendations for the future include: standardisation of IT security, ‘friendly’ and ‘neutral’ technological legislative initiatives, and a secure network structure using strong encryption.

ENISA reiterated its commitment and support to DSiN and public-private partnerships (PPPs) which help address business and consumer/citizens needs at a regional, national and EU level and the advancement of the DSM objectives.

The event is live streamed. For more information visit http://dsin-jahreskongress.de/

Background: DSiN strengthens the security awareness of consumers as well as small and medium-sized enterprises on the Internet and provides concrete support. DSiN was founded in the National IT Summit of the Federal Government and has been under the patronage of the Federal Ministry of the Interior since 2007 (source: DSiN).

Related item here

 

 


4th Week ECSM: Mobile Malware

Mon, 10/24/2016 - 09:35

About Mobile Malware

Mobile malware is malicious software which targets mobile devices.

We increasingly depend on mobile devices. Cybercriminals use this to their advantage, to get access to information and money, or to just do harm, while also developing a number of threats which are particularly designed to operate on mobile platforms.

The main threats include: use and download of apps, mobile banking malware, mobile ransomware, web-based threats, and unsecure Wi-Fi connections.

How to protect yourself

  • Install apps from trusted sources only
  • Don’t click on links or attachments in unsolicited emails or text messages
  • Log out of sites after you have made a payment
  • Keep your operating system and apps updated
  • Turn off Wi-Fi, location services and Bluetooth when not in use
  • Avoid giving out personal information
  • Don’t jailbreak your device
  • Back up your data
  • Install a mobile security app

Material on Mobile Malware

Detailed material on mobile malware in over twenty (20) languages, including infographics, info-sheets with tips for businesses and users, and videos, is available on the Europol EC3 website. Also take a look at the Mobile malware video.


Follow #MobileMalware

Workshop on Mobile Malware

As part of the Cyber Security Month, a course has been organized in collaboration with the Cyber Crime Unit of Greece and ENISA. The topic of the session coincides with the Mobile Malware theme of the week promoted by Europol.

This is a closed event for members of Greek law enforcement.

 

Follow #CyberSecMonth, #OctoberNIS, #CyberAware

Cyber security is a shared responsibility! STOP.THINK.CONNECT

European Cyber Security Month: get in the driving seat of your own online security

2nd Week ECSM: Cyber Safety

3rd Week ECSM: Cyber  Training

 

Full list of partners at https://cybersecuritymonth.eu/ 

 


Regional Cybersecurity Forum for Europe

Fri, 10/21/2016 - 16:39

The Telecommunication Development Bureau (BDT) of the International Telecommunication Union (ITU) and the European Union Agency for Network and Information Security (ENISA), together with the Ministry of Transport, Information Technology and Communications of the Republic of Bulgaria are organising the Regional Cybersecurity Forum for Europe.

When: 29-30 November, 2016
Where: Grand Hotel Sofia, Bulgaria

This event will focus mostly on specific topics such as National Cybersecurity Strategies, CIIP and National CSIRTs in terms of development approaches, good practices, challenges and opportunities. It is targeted at national policy and decision makers, legislators, regulators, service providers, academia and civil society who are involved in the process of strengthening regional cooperation, information sharing, and discussion on cybersecurity.

More information and details about the event and registration are available here.

 

 


Industry collaboration event: Matching supply and demand in EU cybersecurity

Fri, 10/21/2016 - 14:20

The workshop, which took place in Brussels, looks at matching supply and demand in EU cybersecurity. The focus is two-fold: to identify cybersecurity challenges and requirements in two key sectors, electronic payments and eHealth, and to explore to what extent suppliers of cybersecurity products and services are able to respond in a commercially neutral environment.

In particular, objectives of the workshop include to:

  • understand the challenges and cyber security requirements of the eHealth and ePayments industries
  • showcase state-of-the-art approaches in the two topics
  • match EU cybersecurity challenges and requirements with opportunities and capabilities
  • explore what industry can offer (without discussing individual products)
  • draft a list of concrete actions - after a ‘matching exercise’ - and communicate these to the relevant authorities

The industry group was created by ENISA in an effort to complement discussions on implementation strategies and methods related to the current active policy debate on NIS themes. This particular event brings together representatives from the European Commission, public and private entities, and the health, banking and IT sectors. The aim is to generate a better understanding of challenges and requirements in these industries for potential suppliers, and to inform the consumer industries on potential solutions to respective issues.

The overall goal is to ensure that policy makers are aware of the degree of effort and cost necessary to implement policy ideas, and conversely that the EU industry, whether acting as consumers or suppliers of cybersecurity products and services, is able to get optimal benefit from these policies.

ENISA takes a closer look at these two fields because the health sector, and in particular innovations related to e/m-Health, is increasingly considered a critical infrastructure, while the Payment Services Directive 2 (PSD2) is expected to impact the security of payment services.

 


Incident handling training workshop by ENISA

Thu, 10/20/2016 - 13:40

The three-day training focuses on mobile threats and incident handling, memory forensics, and malware analysis. ENISA’s trainers cover the concepts of memory forensics, such as acquisition of memory and its analysis, and additionally give attendees an overview of the tools and methodologies used to perform malware analysis.

During the training, participants from CSIRT.sk, the Slovak Ministry of Defence and other governmental entities follow hands-on tutorials to solve various cyber security incidents. The courses are based on the ENISA training material developed for operational communities such as CSIRTs. The material is also available online.

The memory forensics training looks at identification and handling of electronic evidence, artifact analysis, and artifact handling and analysis. The event is also hosted and supported by the Slovak Armed Forces.

For technical information please contact us at cert-relations (at) enisa.europa.eu

For more ENISA training material and to meet the ENISA trainers, take a look at the video.

3rd Week ECSM: Cyber Training

Mon, 10/17/2016 - 11:57

In the context of this year’s October themes for ECSM, ENISA, together with the University of Piraeus, is organising an event to raise awareness of the various domains in cyber security. The event takes place at the University premises.

ENISA joins efforts with partners, including the Hellenic Police Cybercrime Division, the Hellenic Authority for Communication Security and Privacy (ADAE), the department of Digital Systems and Systems Security lab of the University of Piraeus, and the Networks, Multimedia and Security Systems laboratory of the Ionian University, to present activities in cyber security. Topics include:

  • trends in cyber threats for 2016
  • informing users and subscribers on the protection of communication privacy
  • actions and awareness raising in relation to cybercrimes, with a focus on “money mules”
  • password-less authentication


Presentations will be held in Greek.

When: Friday, 21st October 2016, 9:00am - 14:30pm  
Where: University of Piraeus.

For more information: https://cybersecuritymonth.eu/ecsm-countries/greece/cyber-security-and-privacy-awareness-raising

 

Visit the dedicated ECSM website: https://cybersecuritymonth.eu/ 

Follow the campaign on Twitter #CyberSecMonth, #OctoberNIS, #CyberAware

"Cyber security is a shared responsibility – Stop. Think. Connect."

European Cyber Security Month: get in the driving seat of your own online security

 

 

 


Cyber Europe 2016 - We are stronger together

Thu, 10/13/2016 - 07:50

The scenario of Cyber Europe 2016 revolves around the IT, telecommunication and cybersecurity industries. The exercise includes technical incidents for the participants to analyse, ranging from forensic and malware analysis, mobile infection, malvertisement campaigns, open source intelligence, drones, etc. The technical incidents are used to build up the situation into a crisis at different levels: local, organization, national, European. Business continuity plans are expected to be put to the test.


See also: Cyber Europe 2016 video: Are you ready for the next cyber crisis?

Cyber Europe 2016: https://www.cyber-europe.eu

Background:

To gain some insight into the Cyber Europe exercises, have a look at the After Action Report of the previous pan-European cybersecurity exercise, Cyber Europe 2014.

 

 


ENISA’s Head of Core Operations today at the final of the Austrian Cybersecurity Challenge

Wed, 10/12/2016 - 13:05

ENISA’s Head of Core Operations, Steve Purser, visits the final of the Austrian Cybersecurity Challenge, which is being held in St. Johann, Austria today.

This competition started with an online qualifying round held from 9th May to 31st August, resulting in twenty finalists (ten school students and ten undergraduate students) who compete at the final this week. The five best from each group will form the team that will represent Austria at the European Cyber Security Challenge 2016 final, which will take place in Dusseldorf between 7th and 10th November 2016.

The European Cyber Security Challenge builds on competitions from Member States, like the one currently taking place in Austria, adding a pan-European layer to them.

Top cyber talents from each Member State collaborate and compete against each other to win the ECSC prize. Contestants solve security related challenges from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.

 

Website of the Austrian Cybersecurity Challenge http://www.verbotengut.at/ 

Website of the European Cybersecurity Challenge

 

Follow on Twitter: @enisa_eu,  #EUCSC2016

 



ECSM 2nd Week: Cyber Safety

Tue, 10/11/2016 - 14:15

Test your knowledge on privacy and security by taking the NIS Quiz!

The quiz has been updated by ENISA in-line with new privacy rules. For the first time, the quiz is now available in all 23 languages of the EU.


Visit the dedicated ECSM website: https://cybersecuritymonth.eu/ 

Follow the campaign on Twitter #CyberSecMonth, #OctoberNIS, #CyberAware

 

"Cyber security is a shared responsibility – Stop. Think. Connect."

European Cyber Security Month: get in the driving seat of your own online security

 

 

 


European Cyber Security Month: Join us online for "Ask me Anything" session on 4th October

Mon, 10/03/2016 - 12:10

F-Secure Cyber Security Advisor Erka Koivunen and ENISA's NIS expert Cosmin Ciobanu, will answer questions about #CyberSecMonth, creating a culture of security, and what you, your boss, and your boss' boss need to know about being hacked.


Join them  for a Reddit "Ask me Anything" session,  answering questions about #CyberSecMonth.

When:
4 October, 2016 15:00 EET

Where: Online at the following link 

https://safeandsavvy.f-secure.com/2016/09/30/ask-erka-koivunen-anything-for-european-cyber-security-month/

Country: Finland
 

The goal of the month is to raise awareness of cyber security threats, promote cyber security among citizens and provide up to date security information, through education and sharing of good practices. In other words, it's about not getting hacked! 

Follow: #CyberSecMonth

 

 



A week to go for the European Cyber Security Month launch!

Fri, 09/23/2016 - 12:55

 


When:
30 September 2016

Time: 9.30 -14.00 (including networking lunch)

Where: European Banking Federation

Avenue des Arts, 56, B-1000 Brussels

 

At the launch event, three discussion panels with specialists from the public and private sectors and academia introduce the four themes of the ECSM 2016 edition:

Week 1 October 3-7: Security in Banking

Week 2 October 10-14: Cyber Safety

Week 3 October 17-21: Cyber Security Training

Week 4 October 24-28: Mobile Malware

 

The event offers an excellent opportunity for all actors in cyber security to interact and discuss together matters of common interest.

To find out more about the activities and how to get involved visit – www.cybersecuritymonth.eu

Follow the campaign on Twitter @CyberSecMonth @enisa_eu #CyberSecMonth, #OctoberNIS, #Cyberaware


'Cyber security is a shared responsibility – Stop. Think. Connect.'

For interviews and press enquiries please contact press@enisa.europa.eu Tel. +30 2814 409576

 

 


Udo Helmbrecht at Munich Security Conference on connectivity and security in critical infrastructures

Tue, 09/20/2016 - 03:45

Udo Helmbrecht participates in the fourth Cyber Security Summit hosted by the Munich Security Conference in Silicon Valley, where on the 19th and 20th September he joins around a hundred key representatives from both the EU and the US scene, from diverse fields of the public and private sphere, to debate trending cyber challenges.

Speaking on the MSC panel on "Connectivity vs. Security? Critical Infrastructure under Cyber Attack", ENISA’s Executive Director, Udo Helmbrecht, said that modern economies rely on the newly developed cyber infrastructures, and that assuring their security has become the main priority of many actors such as governments and companies, as this may have implications for economies and business. “Dependencies of critical infrastructure across the EU increase the attack surface and the potential impact of cyber incidents”. Furthermore, critical infrastructures - such as electricity generation plants, transportation systems, manufacturing facilities – are controlled and monitored by Industrial Control Systems (ICS), including SCADA systems. The importance of continuous improvement of ICS-SCADA[1] security for critical service providers is increasingly recognized as a high priority area among European critical infrastructure operators due to its strategic impact on processes essential for uninterrupted functioning of the EU industries and economy.

It is noted that the most expensive attacks are considered to be insider threats, while DoS/DDoS and malicious insider attacks are the two types which collectively constitute approximately half the annualized cost of all cybercrime. In terms of country loss, the costs can reach up to 1.6% of GDP in some EU countries[2] while for the global economy, loss is estimated between 330 to 506 billion euros.[3] Finance, ICT and energy sectors display the highest incident costs.

In this context it was explained how mandatory incident reporting from the telecom sector (Art. 13a of the Telecom Package) and trust service providers (Art. 19 of the eIDAS Regulation) provides an aggregated overview of incidents of significant impact. “National cyber security strategies and the recent NIS Directive help enhance cyber security from a policy perspective, setting the foundations for increased EU-level cooperation, risk management and incident reporting obligations, for operators of essential services and digital service providers. Government and the private sector can cooperate more proactively in order to not just respond, but also better deter and defend against potential cyberattacks”.

Livestream of the Cyber Security Summit in Stanford

For more information visit: https://www.securityconference.de/en/

 

For interviews and  more on the subject please contact press@enisa.europa.eu Tel. +30 2814 409 576


[1] ICS-SCADA: Industrial Control and Supervisory Control and Data Acquisition Systems

[2] Cost of Cyber Crime Study: France, Ponemon Institute, 2014

[3] Net Losses: Estimating the Global Cost of Cybercrime, McAfee, 2014

 

 


Discussion on implementing the NIS Directive and enhancing competitiveness

Mon, 09/12/2016 - 08:20

Udo Helmbrecht met with representatives from the political and business sphere, including Saskia Esken (MP, SPD), Bodo Meseke (Ernst & Young), Prof. Dr. Michael Waidner (Director, Fraunhofer SIT) and Olaf Siemens (DCSO), to discuss ‘New European rules on IT security - new demands on the business’ at the Berliner Digital Dialog.

Udo Helmbrecht shared insights into the costs caused by cyber-attacks. Determining the real economic impact of incidents on the EU’s economy can help in defining proper, coherent and cost effective mitigation policies. Costs can reach up to 1.6% of GDP in some EU countries[1] while for the global economy, loss is estimated between 330 to 506 billion euros[2]. Finance, ICT and energy sectors display the highest incident costs.

The requirements deriving from the NIS Directive for industry, and what is expected on incident reporting from Digital Services Providers (DSPs) and Essential Service Operators (ESOs) from the energy, banking, healthcare and transport sectors, were discussed. Furthermore, the contribution of standardisation strategies was looked into as a component to increase EU competitiveness, trust, provide a functional operational framework for emerging technologies, and ultimately security.

“Many of the most costly attacks are considered to be insider threats. It is important to protect our industry and preserve the smooth functioning of the internal market and our economy.  The provisions of the NIS Directive can act as a tool for businesses, for improved risk management and more resilient operation systems” commented Udo Helmbrecht.

 


[1] Cost of Cyber Crime Study: France, Ponemon Institute, 2014

[2] Net Losses: Estimating the Global Cost of Cybercrime, McAfee, 2014

 

 


ENISA in 2015 - Annual Report

Fri, 09/09/2016 - 17:45

This past year was particularly active - given the agreements on the NIS Directive, the General Data Protection Regulation (GDPR) and the announcement of the Digital Single Market (DSM) initiative by the Commission, with the Agency working together with the EU institutions, contributing to the processes at the EU level and translating to stakeholders - and particularly industry - the new regulatory environment. These landmark agreements make the Agency’s work even more important within the EU on cybersecurity, and its stimulus to the internal market growth.

Highlights of the year include best practices and recommendations in sectors such as e-health, finance, smart infrastructure and services, and cloud computing. The Agency continued work on renowned activities such as Article 13a (disruption in the telecom sector) and Article 4 reporting (personal data breaches), developing synergies between the two, and supported the implementation of Article 19 (eIDAS) and CSIRTs training. Similarly, ENISA further enhanced its presence through key industry events, increased awareness through the annual Cyber Security Month (ECSM), and prepared for the pan-European cyber exercise in 2016. Article 14 requests - a mechanism which allows Member States and EU institutions to request specific items of work from the Agency beyond the work programme execution process - have grown in significance and demand, demonstrating an increase of 92%.

In 2015 the Agency successfully produced a total of fifty-three (53) deliverables on a variety of subjects. These range from national issues, such as the protection of critical infrastructures, to issues affecting citizens at an individual level such as privacy and data protection, and the annual report on cyber threats.

Throughout 2015 ENISA strengthened relations with the institutions, the public sector, industry and the research community, and assisted in making significant improvements to the state of cybersecurity throughout the EU – in areas such as standardisation, PETs, privacy by design (PbD) -responding to a rapidly developing threat environment and helping Member States to lay solid foundations for the information systems of the future, while promoting best practices and developing synergies towards a smooth cyber EU environment.

All activities carried out during the year resulted in various best practices and recommendations, available online on ENISA’s website.

For more information on ENISA’s work contact press@enisa.europa.eu

 

 


ENISA's Annual Privacy Forum 2016 starts tomorrow

Tue, 09/06/2016 - 11:44

The event, which takes place in Frankfurt am Main on the 7th and 8th September, is the fourth edition of the Annual Privacy Forum (APF) and is jointly organised by ENISA, DG CONNECT (European Commission Directorate General for Communications Networks, Content and Technology), Mobile business, and Goethe University as local host, in partnership with the EDPS.

Among others, keynote speakers include Thomas Kremer (D.Telecom), Jacoba Sieders (ABNAMRO), and security and privacy expert Mikko Hypponen (F-Secure), who will speak on the current ‘State of the Net’. The full list of speakers is available here.

Scientific contributions during this year’s APF are published at the following link. Key focus themes include: eIDAS and data protection regulation; IoT and public clouds; and privacy policies and privacy risk presentation.

Stay connected with #APF16: follow #APF16 and #PrivacyForum_EU and @ENISA_eu on twitter, and the dedicated site http://privacyforum.eu/ and RSS feeds.

APF poster



 
