This website uses cookies. View our cookie policy

Cyber Security

Europol's 2015 Internet Organised Crime Threat Assessment (IOCTA) found that cyber crime “is becoming more aggressive and confrontational” and the “number and frequency of [publicly] disclosed data breaches is dramatically increasing”.

Rather than “devising novel attack methods, most cyber-attacks rely on existing, tried and tested exploits, malware code and methodologies such as social engineering, which are re-used and recycled to create new threats.”

"The lack of digital hygiene and security awareness,” it explained, brings “opportunities and gain to the criminal masses."

As cyber crime demonstrably increases in scale and severity, all European organisations need to recognise that security software alone is not enough to protect them from cyber crime: cyber security technologies are only effective when appropriate processes are in place, and processes are only effective when people are adequately trained to adhere to them.

An effective cyber security posture relies on policies, risk management, tools, training, best practice and technologies to protect the confidentiality, availability and integrity (CIA) of corporate information assets.

Cyber security in Europe

The European Commission’s key cyber security objectives are:

  1. Increasing cyber security capabilities and cooperation
  2. Making the EU a strong player in cyber security
  3. Mainstreaming cyber security in EU policies
The Cyber Security Strategy of the European Union and the European Agenda on Security provide the overall strategic framework for EU cyber security initiatives.

Directive on security of network and information systems

Proposed in February 2013 and enacted in 2016, Directive (EU) 2016/1146 – the NIS Directive – is the main instrument that supports Europe’s cyber security objectives. It aims to achieve a high common level of network and information systems security across the European Union by:

  1. Improving national cyber security capabilities
  2. Increasing cooperation between EU member states
  3. Requiring “operators of essential services and digital service providers” to take appropriate security measures and notify the relevant national authorities of serious incidents

Click here for more information about the NIS Directive >>

General Data Protection Regulation

The GDPR also has cyber security implications for organisations that process personally identifiable information (PII).

Among other obligations, data processors must notify data controllers of personal data breaches “without undue delay” and data controllers, in turn, must notify the relevant supervisory authority within 72 hours. Processors and controllers will both be liable for damage caused by processing that does not comply with the Regulation.

All organisations that process EU residents’ PII must comply with the Regulation by 25 May 2018 or face penalties of up to €20 million or 4% of annual global turnover – whichever is the greatest.

Click here for more information on the GDPR >>

Download our free cyber security green paper

Cyber Security: A Critical Business Issue provides an overview of cyber security and explains how to apply effective cyber security measures in all organisations.

Download now

Notable data breaches in the EU

Date Victim Details
January 2016 FACC German aerospace parts manufacturer FACC’s financial accounting department was targeted by cyber fraud that caused the loss of €50 million.
June 2015 LOT Poland’s national airline, LOT, suffered an “IT attack” that caused several flights to be grounded. The attack targeted the ground computer systems at Warsaw’s Okecie Airport, forcing ten flights to be cancelled and a further 12 to be delayed.
June 2015 Bundestag Parts of the Bundestag’s systems – including the drives of the parliamentary committee investigating allegations of BND (Germany’s foreign intelligence agency) surveillance on behalf of the NSA (the US’s National Security Agency) – were temporarily shut down following a cyber attack.

April 2015


French television network TV5Monde – which broadcasts to more than 200 countries – suffered an “unprecedented” cyber attack, taking 11 channels off air. Attackers claiming affiliation with Islamic State also hacked into the TV station’s website and Facebook page.
January 2015 19,000 French websites Around 19,000 French websites were attacked by “more or less structured” groups, according to France’s cyber defence chief, Adm. Arnaud Coustilliere. Denial-of-service attacks hit a wide range of websites, from military regiments to pizza shops.
January 2015 German government websites CyberBerkut, a group of pro-Russian hackers, claimed that it brought down the websites of Germany’s parliament and chancellor Angela Merkel.
December 2014 German iron plant Cyber criminals gained access to an iron plant and caused “massive damage to the whole system” when a furnace was unable to shut down properly.
July 2014 European Central Bank (ECB) 20,000 email addresses, plus phone numbers and postal addresses were stolen when the ECB’s website was hacked.


EU member states and European institutions are protected by the European Union Agency for Network and Information Security (ENISA). ENISA’s role is to enhance cyber security and to respond to cyber security challenges across the European Union. The agency seeks to develop awareness of information security for the benefit of EU citizens, consumers, businesses and public sector organisations.

Part of Europol – the EU’s law enforcement agency – the European Cybercrime Centre (EC3) was established in 2013 to "strengthen the law enforcement response to cybercrime in the European Union (EU) and to help protect European citizens, businesses and governments." It focuses on three areas:

ISO 27001 and cyber security best practice

ISO 27001, the international cyber security standard, sets out the requirements for a risk-based ISMS (information security management system) that encompasses people, processes and technology. It forms the backbone of every intelligent cyber security risk management strategy.

Implementing ISO 27001 provides companies with assurance and also helps to develop and enhance information security best practice. Benefits of ISO 27001 certification include:

  • Winning and retaining business opportunities
  • Protecting and enhance your reputation
  • Building trust (internally and externally)
  • Demonstrating compliance
  • Satisfying audit requirements
  • Improving efficiency
  • Identifying vulnerabilities

Click here for more information on ISO 27001 >>

Cyber resilience

Sensible organisations recognise that it’s impossible to defend against all potential attacks. Effective cyber resilience combines cyber security and business continuity to set out coordinated, integrated plans for rebuffing, responding to and recovering from a wide range of possible attacks and disruptive events.

Cyber resilience is a key principle underpinning ISO 27001, and the wider issue of ICT’s role in business continuity is covered by ISO 27031.

Click here for more information on cyber resilience >>

The top cyber threats facing your organisation


One of the fastest-growing forms of cyber attack, ransomware is a type of malware tha demands payment after encrypting the victim’s files, making them inaccessible. Paying the ransom does not guarantee the recovery of all encrypted data.

Learn how to protect your business from ransomware in just 10 minutes >>


Phishing attacks are continually on the rise. Often indistinguishable from genuine emails, text messages or phone calls, these scams can inflict enormous damage on organisations. 

Take action against targeted phishing attacks today >>


Malware is a broad term used to describe any file or programme intended to harm a computer, and encompasses trojans, social engineering, worms, viruses and spyware.

Prevent malware and protect against 80% of cyber attacks with Cyber Essentials >>

Social engineering

Improve staff awareness of cyber security risks >>

Outdated software

The use of outdated (unpatched) software (e.g. Microsoft XP0 opens up opportunities for criminal hackers to take advantage of known vulnerabilities that can bring entire systems down.

Implement patch management and prevent 80% of attacks with Cyber Essentials >>

Vulnerabilities in web applications and networks

Cyber criminals are constantly identifying new vulnerabilities in systems, networks or applications to exploit. These activities are conducted via automated attacks and can affect anyone, anywhere.

Penetration testing is an effective way to identify and eliminate vulnerabilities >>

Start your journey to being cyber secure today

IT Governance has a wealth of experience in the cyber security and risk management field. As part of our work with hundreds of private and public organisations in all industries, we have been carrying out cyber security projects for more than fifteen years. All of our consultants are  qualified, experienced practitioners.

Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of solutions below to kick-start your Cyber Security project.

Download our free cyber security resources

Cyber security products and services

Speak to an expert

To find out more on how our cyber security products and services can protect your organisation, or to receive some guidance and advice, speak to one of our experts.