EU auditors warn against the lack of cybersecurity across EU bodies

The number of cyberattacks on EU institutions, bodies and agencies (EUIBAs) is increasing sharply, according to the European Court of Auditors’ (ECA) recent audit. As EUIBAs are strongly interconnected, weaknesses in one can expose others to security threats.

ECA examined whether the EUIBAs have adequate arrangements to protect themselves against cyber threats. They found that, overall, EUIBAs’ level of preparedness is not commensurate with the threats, and that they have very different levels of cybersecurity maturity. Therefore, EU auditors have recommend that the European Commission improve EUIBAs’ preparedness by proposing the introduction of binding cybersecurity rules and an increase in resources for the Computer Emergency Response Team (CERT-EU).

The Commission should also promote further synergies among EUIBAs, and CERT-EU and the European Union Agency for Cybersecurity should focus their support on less mature EUIBAs.