Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

ENISA: Modest Increase in Cybersecurity Spending in EU Not Enough

Penka Hristovska
Penka Hristovska
Penka Hristovska Penka Hristovska

European companies are investing too little in cybersecurity, according to the new report of the European Union Agency for Cybersecurity (ENISA).

The report showed that companies are allocating just 0,4% more of their IT budget to cybersecurity from 2021 to 2022, despite a jump of 25% of the cost of major cyber incidents in the same period.

The findings come from a survey that asked 1,080 OES (Operators of Essential Services) and DSP (Digital Services Providers) from all 27 member states of the European Union about how they invest in cybersecurity and whether they’re following the rules under the NIS (Network and Information) Directive.

The NIS Directive is a critical piece of EU-wide legislation that sets common requirements for the cybersecurity of network and information systems. The goal of the legislation is to establish a comprehensive and collaborative approach to cybersecurity that protects both consumers and businesses​ and addresses evolving cybersecurity challenges.

A little under half of all organizations that took part in the survey said they don’t plan to hire information security FTEs (Full Time Equivalents) in the next 2 years, and one of the reasons is that they’re facing some hiring issues. For instance, 83% of the surveyed organizations said they had trouble recruiting people in at least one of the listed information security domains.

This, in turn, affects how vulnerabilities are managed and fixed. According to the report, only 28% of the organizations would take a week to fix critical asset vulnerabilities. More than half of the organizations in the transport sector need one month to fix critical vulnerabilities and 21% need between one and six months to do the same.

In response to the report, EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, highlighted the need for continual skill development and investment to deal with the evolving cyber threat landscape.

“Allocating sufficient budgetary and human resources to cybersecurity is key to our success. Managing vulnerabilities is essential and must go hand-in-hand with “secure by design” initiatives. In the meantime, we do need to continually invest in areas such as identifying, managing, and reporting vulnerabilities that can have an impact on the security of the whole Digital Single Market,” Lepassaar said.

About the Author
Penka Hristovska
Penka Hristovska
Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.