At an Information Security Conference on 4 November 2012, the EU Commissioner for a Digital Agenda, Neelie Kroes, revealed plans to introduce legislation involving the implementation of a high level of network and information security across the EU, effectively extending the obligations to adopt risk management measures to private sector industries such as banking, energy, health and transport.

Cyber-security threats and vulnerabilities are increasing with businesses in virtually all sectors interacting with, and being dependant on, digital networks and infrastructure to provide their services, the Commissioner stated that cyber-security should be “on top of the agenda”. Commissioner Kroes stated that “web-based attacks went up 36% in the year 2011”, and a recent Eurostat survey revealed that only 26 percent of enterprises in the EU at the beginning of 2012 had a formally defined security policy with a plan for regular review.

Although networks and infrastructure are mainly privately owned and run, the Commissioner declared that there is a shared responsibility between the public and private sectors to address cyber-security, with the public sector needed to provide incentives and set the example for the private sector to follow.

International cooperation on cyber-security is one of the Commissioner’s key priorities, and she pointed to the approach to cyber-security adopted by the United States as the method to follow, declaring that “in the U.S. it has long obtained political attention.” The European strategy for cyber-security which Kroes plans to put forward aims to encourage demand for greater security and promote the competitiveness of the EU ICT industry, elevating cyber-security on the political agenda whilst continuing to promote the “EU core values and fundamental rights, including freedom of expression and access to information, as well as data protection and privacy.”