JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT AND THE
COUNCIL
The EU's Cybersecurity Strategy for the Digital Decade
I.
INTRODUCTION: A CYBERSECURE DIGITAL TRANSFORMATION IN
A COMPLEX THREAT ENVIRONMENT
Cybersecurity is an integral part of Europeans’ security. Whether it is connected devices,
electricity grids, or banks, aircraft, public administrations or hospitals they use or frequent,
people deserve to do so within the assurance that they will be shielded from cyber threats.
The EU’s economy, democracy and society depend more than ever on secure and reliable
digital tools and connectivity. Cybersecurity is therefore essential for building a resilient,
green and digital Europe.
Transport, energy and health, telecommunications, finance, security, democratic
processes, space and defence are heavily reliant on network and information systems
that are increasingly interconnected. Cross-sector interdependences are very strong
because networks and information systems, in their turn, depend on a steady supply of
electricity to function. Connected devices already outnumber people on the planet, and their
number is forecast to rise to 25 billion by 20251: a quarter of these will be in Europe.
Digitisation of working patterns has been accelerated by the COVID-19 pandemic, during
which 40% of EU workers switched to telework, with likely permanent effects on everyday
life2. This increases vulnerabilities to cyberattacks3. Connected objects are often shipped to
the consumer with known vulnerabilities, which further increases the attack surface for
malicious cyber activities4. The industrial landscape in the EU is increasingly digitised and
connected; this also means that cyberattacks can have far greater impact on industries and
ecosystems than ever before.
The threat landscape is compounded by geopolitical tensions over the global and open
Internet and over control of technologies across the whole supply chain 5. These tensions
are reflected in the increasing number of nation states erecting digital borders. Restrictions of
and on the Internet threaten global and open cyberspace, as well as the rule of law,
1
Estimated by telecommunications trade association GSMA; https://www.gsma.com/iot/wpcontent/uploads/2018/08/GSMA-IoT-Infographic-2019.pdf). The International Data Corporation forecast
42.6 billion
connected
machines,
sensors,
and
cameras;
https://www.idc.com/getdoc.jsp?containerId=prUS45213219.
2
According to a survey in June 2020, 47% of business leaders said they intended to allow employees to work
remotely full-time even as it becomes possible to return to the workplace; 82% intended to permit remote
working at least some of the time; https://www.gartner.com/en/newsroom/press-releases/2020-07-14-gartnersurvey-reveals-82-percent-of-company-leaders-plan-to-allow-employees-to-work-remotely-some-of-the-time.
3
https://www.europol.europa.eu/sites/default/files/documents/internet_organised_crime_threat_assessment_iocta
_2020.pdf
4
One of the most damaging malware to date, known as Mirai, created botnets of over 600 000 devices that
disrupted multiple major websites in Europe and the United States.
5
Including electronic components, data analytics, cloud, faster and smarter networks with 5G and beyond,
encryption, Artificial Intelligence (AI), and new computing and trusted data processing paradigms such as
blockchain, cloud-to-edge and quantum computing.
1