As the threat level for cybercrime and cyberattacks has been rising over recent years, auditors across the European Union have been paying increasing attention to the resilience of critical information systems and digital infrastructures. The Audit Compendium on cybersecurity, published today by the Contact Committee of EU supreme audit institutions (SAIs), provides an overview of their relevant audit work in this field.

Cyber incidents may be intentional or unintentional and range from the accidental disclosure of information to attacks on businesses and critical infrastructure, the theft of personal data, or even interference in democratic processes, including elections, and general disinformation campaigns to influence public debates. Cybersecurity was already critical for our societies before COVID-19 hit. But the consequences of the pandemic we are facing will further exacerbate cyber threats. Many business activities and public services have moved from physical offices to teleworking, while ‘fake news’ and conspiracy theories have spread more than ever.

Protecting critical information systems and digital infrastructures against cyberattacks has thus become an ever-growing strategic challenge for the EU and its Member States. The question is no longer whether cyberattacks will occur, but how and when they will occur. This concerns us all: individuals, businesses and public authorities.

“The COVID-19 crisis has been testing the economic and social fabric of our societies. Given our dependence on information technology, a ‘cyber crisis’ could well turn out to be the next pandemic“, said the President of the European Court of Auditors (ECA), Klaus-Heiner Lehne. “Seeking digital autonomy and facing challenges posed by cyber threats and external disinformation campaigns will undoubtedly continue to be part of our daily lives and will remain on the political agenda in the next decade. It is therefore essential to raise awareness of recent audit findings on cybersecurity across the EU Member States.”