2024-12-07 16:30:00
ANDThese are some of the conclusions of the report by the European Union Agency for Cybersecurity (ENISA) on investments in the security of NIS networks and information systems [‘Network and Information Security’, em inglês] in 2024, when an evaluation of the cybersecurity policy will be carried out.
In the European Union (EU) 28, awareness of the directive is widespread, with 92% of respondents saying they are aware of the general outline of NIS2.
however, the level of knowlege varies “significantly” between Member States and sectors. Such as, in France and Finland 100% of the entities interviewed say they are aware of the directive, while Malta has 80% and Bulgaria 82%.
In Portugal, 88% of entities are aware of the IT security directive – the transposition of which is in public consultation -, at the same level as Romania and below Spain and Poland (94%), Slovenia, Slovakia and Hungary (92%), for example .
On the contrary,12% of Portuguese institutions continue to have no knowledge,as in Estonia and Romania,while in Malta they are 20%,followed by Bulgaria (18%),Croatia (16%) and Lithuania (14%) . All other countries register a percentage below 12%.
Regarding leadership involvement in cybersecurity training by member State, the ENISA report states that in Portugal 40% of the entities involved in the study said their leaders had not received training on the subject, above Germany (32%) , Spain and France (34%) or Italy (30%).
Though, in this parameter, Portugal performs better than Greece (54%), Gunfria (65%) or Sweden (44%).
Regarding leadership involvement in approving cybersecurity risk management measures,in Portugal 86% of entities say they are responsible for adopting the measures. In Germany it is indeed 98%, in Spain, france and Italy 94%, while in Sweden it is 82%.
In terms of perceived maturity of cybersecurity risk management, Portugal has a score of 6.8, below Spain (7.8), France (7.9), Italy (7.8) and Germany (7.6 ), among others.
In terms of its ability to detect and respond to sophisticated cyber attacks, Portugal has a score of 7.1, above Cyprus (5.5),Malta (5.8), Luxembourg (6.8) or Greece (7), among others.
spain is in the lead (score 8), followed by France (7.9) and Germany and Finland (7.6).
Read also: NATO reaches agreement on “proactive decisions” to mitigate Russian destabilization
How can EU member states improve their cybersecurity awareness and training initiatives?
Interview: Cybersecurity Landscape in the EU – Insights from ENISA’s Report
Time.news Editor: Welcome! Today, we’re discussing the recent findings from the European Union Agency for cybersecurity (ENISA) regarding the state of cybersecurity investments and awareness across the EU.We have Dr. Elena Ferreira, a cybersecurity expert, with us to delve into the implications of this report. Thank you for joining us, Dr. Ferreira!
Dr. Elena Ferreira: Thank you for having me! It’s an important topic, and there’s a lot to unpack.
Time.news Editor: To start, the report highlights a high level of awareness regarding the NIS2 directive, with 92% of respondents in the EU acknowledging it. What does this widespread awareness indicate about the current state of cybersecurity in the region?
Dr. Ferreira: This level of awareness is encouraging and suggests that there is a foundational understanding among organizations about the importance of cybersecurity.However, it’s concerning that knowledge varies significantly between Member States, pointing to inequalities that could weaken the overall resilience of the EU against cyber threats.
Time.news Editor: Indeed, the report shows variation, especially with countries like France and Finland having 100% awareness, while others like Malta and Bulgaria trail behind at 80% and 82% respectively. What could be the implications of such disparities?
Dr.Ferreira: Disparities like these can create vulnerabilities. Countries with lower awareness may be ill-prepared for potential cyber attacks, putting them and their neighboring nations at risk. Cybersecurity is a shared obligation within the EU, and weaknesses in one member state can affect the entire region. It’s essential for countries with high awareness levels to assist those lagging behind.
Time.news Editor: Moving to leadership involvement, the report reveals that 40% of entities in Portugal stated their leaders had not received cybersecurity training — the highest percentage among the surveyed nations. What impact does this lack of training have?
Dr. Ferreira: Leadership plays a critical role in shaping an association’s cybersecurity policies. When leaders lack training, they may underestimate the importance of robust cybersecurity practices and risk management measures, possibly leading to poor decision-making. This gap can hinder the implementation of effective security protocols and leave organizations more vulnerable.
Time.news Editor: On a more positive note, the report mentions that 86% of Portuguese entities are responsible for adopting cybersecurity risk management measures. How does this compare to other countries, and what does it say about Portugal’s proactive stance?
Dr. Ferreira: While 86% involvement is positive, it’s still below countries like Germany (98%) and Spain, France, and Italy (94%).This indicates that Portugal is aware of its responsibilities but may need to enhance engagement from leadership and improve training initiatives to effectively implement risk management strategies.
Time.news Editor: The perceived maturity of cybersecurity risk management in Portugal is rated at 6.8, lower than several other EU countries. In your opinion, what are the practical steps Portugal should take to improve this score?
Dr. Ferreira: Portugal can take several steps: first, investing in extensive cybersecurity training for leadership and staff to build a robust skill set; second, fostering a culture of cybersecurity awareness throughout all organizational levels; and lastly, collaborating with other EU nations to share best practices and develop a united front against cyber threats.
Time.news Editor: The report also highlights Portugal’s ability to detect and respond to sophisticated cyber attacks, scoring 7.1. How does this score compare to the EU’s leading countries in this regard?
Dr. Ferreira: portugal’s score of 7.1 is commendable, especially compared to nations like Cyprus and malta. However,leading countries like Spain and France,scoring 8 and 7.9 respectively,illustrate that there’s room for betterment. Investing in advanced threat detection systems and response capabilities will further enhance Portugal’s standing in this critical area.
Time.news Editor: what advice would you give to organizations in portugal and across the EU as they navigate the complexities of the current cybersecurity landscape?
Dr. Ferreira: Organizations must prioritize cybersecurity as a core business function. This includes continuous training,updating their cyber defense strategies regularly,and fostering an surroundings where cybersecurity is integrated into everyday practices. Collaboration within the EU can also help organizations learn from one another and strengthen their defenses collectively.
Time.news Editor: Thank you, Dr. Ferreira, for your valuable insights today! It’s clear that while progress has been made, there’s still much work to do in the realm of cybersecurity across the EU.
Dr.Ferreira: Thank you for having me! It’s a pleasure to discuss such a vital issue.