EU Supreme Audit Institutions consolidate their cybersecurity publications into a single document

As the threat level for cybercrime and cyberattacks has been rising over recent years, auditors across the European Union have been paying increasing attention to the resilience of critical information systems and digital infrastructures. The Audit Compendium on cybersecurity, published today by the Contact Committee of EU supreme audit institutions (SAIs), provides an overview of their relevant audit work in this field.
 
Cyber incidents may be intentional or unintentional and range from the accidental disclosure of information to attacks on businesses and critical infrastructure, the theft of personal data, or even interference in democratic processes, including elections, and general disinformation campaigns to influence public debates. Cybersecurity was already critical for our societies before COVID-19 hit. But the consequences of the pandemic we are facing will further exacerbate cyber threats. Many business activities and public services have moved from physical offices to teleworking, while ‘fake news’ and conspiracy theories have spread more than ever.

Protecting critical information systems and digital infrastructures against cyberattacks has thus become an ever-growing strategic challenge for the EU and its Member States. The question is no longer whether cyberattacks will occur, but how and when they will occur. This concerns us all: individuals, businesses and public authorities. European SAIs have therefore geared up their audit work on cybersecurity, with a particular focus on data protection, system readiness for cyberattacks, and the protection of essential public utilities systems. This has to be set in a context in which the EU is aiming to become the world’s safest digital environment.

The Compendium published today provides background information on cybersecurity, main strategic initiatives and relevant legal bases in the EU. It also illustrates the main challenges the EU and its Member States are facing, such as threats to individual EU citizens´ rights through misuse of personal data, the risk for institutions of not being able to deliver essential public services or facing limited performance following cyberattacks.
The Compendium draws on the results of audits carried out by the SAIs of twelve EU Member States (Denmark, Estonia, Finland, France, Ireland, Hungary, Latvia, Lithuania, the Netherlands, Poland, Portugal and Sweden) and the ECA.
The Compendium is a product of cooperation between the SAIs of the EU and its Member States within the framework of the Contact Committee of EU supreme audit institutions. It is designed to be a source of information for everyone interested in this important policy field. It is available on the EU Contact Committee website.
EU Supreme Audit Institutions consolidate their cybersecurity publications into a single document