Global Cyber Security Conference /Brussels
30 January 2013
I welcome today’s debate on cybersecurity. This discussion could not come at a better time.
Every day, people across the world use digital technologies for all kinds of activity, from communication to healthcare, from entertainment to banking. Not to mention businesses and governments using these networks to deliver their many services.
The digital transformation offers a boost to all. A stronger society; a more prosperous economy; a platform to exercise human rights. We must ensure that our citizens and our businesses can get all those benefits, securely.
Overall the internet offers a boost to productivity, innovation, economic growth. It creates 5 jobs for every 2 lost. That’s an opportunity we can’t turn our backs on: we should do everything we can to achieve them. But rising threats, rising vulnerabilities, and lack of trust all stand in the way.
The reasons for these risks vary. Sometimes it’s about outright attacks; sometimes it’s people making mischief; sometimes just mistakes or natural disasters.
And indeed some of these cases are high-profile. In 2011, for example, you may recall the case of Dutch certification company Diginotar; or the security breaches at national registries for the EU’s emissions trading system. Two years ago the Dagmar storm wrecked millions of communications links. And so on.
The costs of insecure systems are high. According to the World Economic Forum, over the next decade, there is a 10% chance of a major breakdown costing over a quarter of a trillion dollars.
In just one year, PWC found that three quarters of UK small businesses, and 93% of large ones, had suffered a cybersecurity breach. Bear in mind each breach can cost tens of thousands of euros; for a large business ten times that. And the cost of data breaches can be millions, not to mention the reputational damage.
And risks are mounting. According to Symantec, the total number of attacks increased by 81% in just one year. And in ever more forms: denial-of-service, Trojans, worms, identity theft, botnets, phishing, you name it. And I know that many of you will yourself have experienced incidents with significant impacts.
Such events undermine trust, and often mean vital services or transactions need to be suspended.
Yet in spite of those issues, most ICT users are not aware enough of the risks they face online: and many are insufficiently prepared. And the majority of incidents could be prevented, by taking just simple or cheap measures.
These risks aren’t constrained by borders – neither within or outside the EU. They don’t stay meekly contained within one sole jurisdiction, under the watchful eye of a single authority. On a globally interconnected network, they travel freely, and they seek out the weakest link in the chain.
And if threats do not stop at national borders, nor does the responsibility to secure ourselves against them. This is a global problem needing a global response.
Fragmentation and duplication won’t help: we need to cooperate, in all kinds of ways. We have long supported measures to boost that cooperation within the EU. But as its importance rises, so does the imperative to do more.
Our EU Cybersecurity Strategy will propose a comprehensive approach. To improve the resilience and security of network and information systems, step up the fight against cybercrime, strengthen our international cybersecurity policy, and explore synergies with defence.
Alongside the Strategy will be a proposed Directive to strengthen cyber resilience and network and information security, within our internal market.
Let me outline our objectives. I’ve already mentioned the need for cooperation. And that will take place on several levels.
For a start, we need cooperation between policy areas. There are many aspects to cybersecurity: like prevention, resilience, law enforcement and defence. That calls for collaboration between those responsible for digital affairs, home affairs and external action. And that is exactly why I have been working closely with Cathy Ashton and Cecilia Malmstrom, and we will be presenting this strategy together. Here to read more.