Challenge

The security of the European Union cannot be guaranteed without the EU’s most valuable resource: its people. The EU urgently needs professionals with the skills and competences to prevent, detect, deter, and defend the EU against cyberattacks. In 2023, the shortage of cybersecurity professionals in the EU ranged between 260,000 and 500,000, while the EU’s cybersecurity workforce needs were estimated at 883,000 professionals. In addition, women amounted to only 20% of cybersecurity graduates and to 19% of information and communications technology specialists. Looking at the World Economic Forum’s Global Cybersecurity Outlook report, published in January 2024, the impact the skills gap has on businesses is alarming. 36% of respondents list the skills gap, as the main challenge to achieving their cyber-resilience goals.

As digital transformation practices along the entire business ecosystem have been largely driven by the adoption of modern ICT systems, platforms and applications, the need for protecting the digital infrastructures and processes against existing and emerging vulnerabilities and risks has exponentially grown. Thus, nowadays, EU critical sectors, various business sectors and organisations of any size face the risk of exposure to cyber threats that may lead to misuse and loss of personal and sensitive data and/or may disrupt their normal operations and processes. As a result, numerous related regulations (Cybersecurity Act, Cyber Resilience Act, Cyber Solidarity Act), directives (NIS2), and policy recommendations (Council Recommendation on a Blueprint to coordinate a Union-level response to disruptions of critical infrastructure with significant cross-border relevance, Commission Recommendation on Cybersecurity of 5G networks) have been agreed and publicly issued on the EU level to strengthen the adoption of strategic measures, towards enhancing the security of cyber ecosystems and fostering the resilience of systems, processes, and infrastructures.

The respective frameworks emphasise the role of the triple people, processes, and culture, as the success indicator for the realisation of cybersecurity risks in businesses and organisations, and the effective design and implementation of cybersecurity strategies. A fundamental aspect of this triple is the human factor. The successful operation of secure and digitally transformed processes requires, among others, people with expertise in identifying, managing, and mitigating cyber risks, either by reducing these risks or transferring them to insurance and reinsurance organisations, through cyber insurance practices. To do so, interdisciplinary teams of experts at all levels of an organisation’s hierarchy shall be able to exercise advanced skills in the adoption and use of technologies on cybersecurity, AI, and cyber insurance to securely operate their businesses within the entire cyber environment. Such technologies strongly relate to the entire cybersecurity protection and incident handling lifecycle that entails the efficient implementation of dynamic risk management approaches, robust cybersecurity protection and incident analysis and response mechanisms and risk-driven cyber insurance policies. On the other hand, it must be on human’s culture to be held accountable for defining proper cybersecurity strategies for their organisations and ensuring the compliance of these strategies with legal frameworks, national and international strategies, and standards that place in action specific security and certification requirements. Such requirements to be addressed imply responsibilities and obligations that humans must undertake in the context of an effective governance approach for the deployment of correct strategies.

Our Role

Eunomia Ltd in this project will contribute to addressing any legal or ethical issue that may arise during the projects course, by providing an analysis of the applicable ethical and legal framework complemented by comprehensive guidance on best conformity practices. It will also provide evidence-based compliance monitoring mechanisms and ensure that all legal and ethics issues will be supervised during the whole project lifecycle.