European Court of Auditors: EU institutions insufficiently prepared for cyber attacks

The European Court of Auditors has examined the preparedness of European institutions against cyber-attacks and concludes that this is insufficient. According to the Court, there is a need for closer cooperation between different authorities to ensure safety.

The European Court of Auditors publishes a new report drawing firm conclusions about the ‘level of preparedness’ of EU bodies. According to the Court of Auditors, the administrative bodies of the EU do not have their cybersecurity in order and new rules for the institutions must be drawn up quickly. The European Court of Auditors advises the European Commission to draw up binding rules for EU bodies when it comes to cybersecurity.

According to the Court’s report, the number of attacks has increased more than tenfold since 2018. At least twenty-two institutions are said to have been affected by an attack in the past two years. In some cases, it took weeks or even months for everything to work properly again. As an example, the Court cites the attack on the European Medicines Agency that took place in early 2021.

In the survey, sixty-five institutions were questioned about their cybersecurity policy. For example, questions were asked about what measures are being taken to increase awareness about cyber security. Among other things, it found that less than a third of organizations have specialized training for IT managers who manage systems with sensitive information.

Source: European Court of Auditors

The organizations were also asked about the main barriers to implementing better cybersecurity measures. Finding competent personnel is mentioned as the most important barrier. A limited budget also plays a role. It whole report can be found on the website of the European Court of Auditors.