As the threat level for cybercrime and cyberattacks has been rising over recent years, auditors
across the European Union have been paying increasing attention to the resilience of critical
information systems and digital infrastructures. The Audit Compendium on cybersecurity,
published today by the Contact Committee of EU supreme audit institutions (SAIs), provides an
overview of their relevant audit work in this field.
Cyber incidents may be intentional or unintentional and range from the accidental disclosure of
information to attacks on businesses and critical infrastructure, the theft of personal data, or
even interference in democratic processes, including elections, and general disinformation
campaigns to influence public debates. Cybersecurity was already critical for our societies before
COVID-19 hit. But the consequences of the pandemic we are facing will further exacerbate cyber
threats. Many business activities and public services have moved from physical offices to
teleworking, while ‘fake news’ and conspiracy theories have spread more than ever.
Protecting critical information systems and digital infrastructures against cyberattacks has thus
become an ever-growing strategic challenge for the EU and its Member States. The question is no
longer whether cyberattacks will occur, but how and when they will occur. This concerns us all:
individuals, businesses and public authorities.
“The COVID-19 crisis has been testing the economic and social fabric of our societies. Given our
dependence on information technology, a ‘cyber crisis’ could well turn out to be the next
pandemic“, said the President of the European Court of Auditors (ECA), Klaus-Heiner Lehne.
“Seeking digital autonomy and facing challenges posed by cyber threats and external
disinformation campaigns will undoubtedly continue to be part of our daily lives and will remain
on the political agenda in the next decade. It is therefore essential to raise awareness of recent
audit findings on cybersecurity across the EU Member States.”