ECA: Cybersecurity of EU institutions, bodies and agencies : Level of preparedness overall not commensurate with the threats
30 March 2022
The number of cyberattacks on EU institutions, bodies and agencies (EUIBAs) is increasing sharply. As EUIBAs are strongly interconnected, weaknesses in one can expose others to security threats.
We examined
whether the EUIBAs have adequate arrangements to protect themselves
against cyber threats. We found that, overall, EUIBAs’ level of
preparedness is not commensurate with the threats, and that they have
very different levels of cybersecurity maturity. We recommend that the
Commission improve EUIBAs’ preparedness by proposing the introduction of
binding cybersecurity rules and an increase in resources for the
Computer Emergency Response Team (CERT-EU). The Commission should also
promote further synergies among EUIBAs, and CERT-EU and the European
Union Agency for Cybersecurity should focus their support on less mature
EUIBAs.
Full paper
ECA
© European Court of Auditors
