EU is ill-prepared for increasing cyberattacks, watchdog warns, as Russia’s war in Ukraine drags on

As Russia’s invasion of Ukraine accelerates European Union defence cooperation, a watchdog said Tuesday that EU institutions face vulnerabilities on another front: cybersecurity.

The warning by the European Court of Auditors covers the wide range of EU bodies – from the executive arm based in Brussels to specialist agencies located across Europe – that run the 27-nation bloc’s day-to-day business.

“The EU must step up its efforts to protect its own organizations,” Bettina Jakobsen, a member of the ECA, said in a statement accompanying a special report on cyberthreats. “Such attacks can have significant political implications.”

Cyberattacks against EU bodies are increasing “sharply”, with major incidents jumping more than tenfold between 2018 and 2021, according to the Luxembourg-based ECA.

Cybersecurity has jumped up the political agenda in Europe following attacks in recent years that targeted EU nations such as Germany and other industrialised countries including the United States, Britain and Australia.

In 2020, the EU imposed cyber sanctions for the first time, blacklisting a number of Russian, Chinese and North Korean hackers.

Nonetheless, the European auditors said Tuesday that EU organizations were failing to enact some “essential” cybersecurity controls and underspending in this area. The auditors also alleged a lack of “systematic” cybersecurity training and information sharing.

EU entities as a whole handle political, diplomatic, financial, economic and regulatory matters. The spectrum of activities underpins the bloc’s status as a geopolitical force, a global setter of industrial rules and the world’s most lucrative single market.