According to BSA’s EU Cybersecurity Dashboard, Austria, Estonia and the Netherlands are the most cyber secure countries in Europe.
The report, which provides a simplified overview of the cyber security measures implemented in each EU member state, is designed to inform government officials of their country’s cyber security posture.
We’ve taken BSA’s findings and converted them into numerical values (Yes = 1, No = 0 and Partial = 0.5), then tallied up the results. Austria, Estonia and the Netherlands came top with scores of 16.5, closely followed by the Czech Republic and the United Kingdom with 16. Ireland, Croatia and Romania came in last with 3, 7 and 7.5 respectively.
Most countries had a computer emergency response team (CERT) and legislation that requires an inventory of “systems” and the classification of data, but only the Czech Republic had performed a cyber security risk assessment, and only Spain and the UK had partially defined sector-specific security priorities.
BSA covered five areas related to cyber security: legal foundations, operational entities, public-private partnerships, sector-specific cyber security plans and education.
Majority of EU businesses unprepared for new cyber security legislation
Even though this report shows most countries have some cyber security measures in place, 80% of EU businesses are unprepared for the upcoming General Data Protection Regulation (GDPR), according to FireEye’s report: Mixed State of Readiness for New Cybersecurity Regulations in Europe.
The report found that the majority of organisations “in France, Germany and the UK still have work to do in implementing sufficient security measures to meet new requirements”, and a third do not understand the impact of the new legislation.
The EU Networking and Information Security (NIS) Directive and the GDPR are both expected to be finalised this year and enforced from 2017, creating a single, unified approach to data protection and cyber security across Europe.
The easiest way for organisations to become cyber secure while supporting their adherence to the NIS Directive and the GDPR is to implement an information security management system (ISMS) as set out in the international standard ISO 27001. An ISMS provides a best-practice approach to dealing with information security and data protection obligations.
Organisations with multiple compliance requirements often seek certification to ISO 27001 because its comprehensive approach to information security can centralise and simplify disjointed compliance efforts. It is often the case that companies will achieve compliance with a host of legislative requirements simply by achieving ISO 27001 certification.
IT Governance’s ISO 27001 Packaged Solutions provide implementation resources and give online access to expert consultancy support, enabling organisations the world over to implement an ISMS at a speed and for a budget suitable to their needs.