Cybersecurity in the EU: A Strategic Priority for 2021-2027


Our increasing dependence on digital services and new technological developments, such as the proliferation of interconnected devices (IoT) or of the Cloud, has brought the importance of cybersecurity to the fore. Over the past few years, the EU has turned its attention to this increasingly strategic issue, In 2019, the EU Cybersecurity Act was approved, which requires Operators of Essential Services (OES) and digital service providers (DSP) to abide by certain cybersecurity requirements. The Act also granted a permanent mandate and larger budget to the European Network and Information Systems Agency (ENISA).

The Covid-19 crisis has brought the challenges and risks related to our increasing dependence on digital technologies into even starker relief as businesses, services and education suddenly had to shift to connectivity and cloud solutions to enable remote working, distance learning, and even access to critical healthcare services. With this shift, unsurprisingly, came increased vulnerability and an intensification of incidents of fraud, data theft, ransomware attacks, hacking, and phishing. According to the “Cyber Attack Trends : 2021 Mid-Year Report”, cyber-attacks increased by 36% in Europe in the first half of 2021. Moreover, the Europol’s 2021 “Serious and Organised Crime Threat Assessment” recently shed light on the notable increase of ransomware attacks on public institutions and large companies. At the end of 2020, the commission presented a new EU Cybersecurity Strategy that emphasises the importance of transnational and unified action. ENISA’s priorities include building cyber resilience, fighting cybercrime, boosting cyber diplomacy, strengthening cyber defenses, supporting research and innovation and protecting critical infrastructure.

In response to these dynamics, in the 2021-2027 funding cycle the EU will support its cybersecurity objectives through substantial funding across various funding programmes, such as Digital Europe, Connecting Europe Facility second generation (CEF2) and Horizon Europe. Although these programmes all fund cybersecurity related projects, they do so with different priorities:

Programme 1:

The new Digital Europe programme will pave the way for and supports the digital transformation of Europe’s society and economy for the benefit of citizens and businesses. It also aims at accelerating recovery. One of its featured components refers to cybersecurity. More specifically, this programme will help the EU achieve a high common level of cybersecurity by investing in building European cybersecurity infrastructures, promoting the widespread deployment and take-up of state-of-the-art cybersecurity practices and equipment. Ultimately, these important actions will be building the EU’s digital sovereignty.

Programme 2:

The Connecting Europe Facility second generation (CEF2) will fund infrastructure investments in digital connectivity projects, transport and energy. The CEF2 Digital programme in particular will support the completion of the Digital Single Market by connecting Europe through Digital Service Infrastructures (DSIs) bridges and will catalyze investments in digital connectivity infrastructures of common interest. Sector-specific DSIs will deploy composite trans-European digital services based upon mature technical and organizational solutions including Cybesecurity, eProcurement, eHealth, eJustice, Online Dispute Resolution, Europeana, Safer Internet and Open Data.

Programme 3:

Cybersecurity is also addressed in Horizon Europe. Specifically, grants focused on cybersecurity can be found in the cluster “Civil security for society”. Projects that will be funded under this thematic focus will address the challenges of persistent security threats, including cybercrime.

A sample of Horizon Europe calls under this topic includes:

  1. Dynamic business continuity and recovery methodologies based on models and prediction for multi-level cybersecurity (HORIZON-CL3-2021-CS-01-01);
  2. Improved security in open-source and open-specification hardware for connected devices (HORIZON-CL3-2021-CS-01-02);
  3. AI for cybersecurity reinforcement (HORIZON-CL3-2021-CS-01-03);
  4. Scalable privacy-preserving technologies for cross-border federated computation in Europe involving personal data (HORIZON-CL3-2021-CS-01-04).

As with most European programmes, these grants support innovation and proposals must be articulated around a welldeveloped project in which cybersecurity solutions can be integrated.

The landscape of funding opportunities currently being deployed in the momentum of the EU cybersecurity strategy is quite broad, though generally speaking funders like to support research and innovation projects. This doesn’t mean that entities like SMEs should not consider this kind of funding, however. Recognizing the significance of SMEs to the European economy, the European Commission is also committed to supporting both the cybersecurity industry and the cybersecurity of SMEs in Europe. One example is the establishment of the European Cybersecurity Competence Centre and its network of national counterparts (the Network of National Coordination Centres, or NCCs). Individual member states of course also have programmes that support cybersecurity innovation and awareness.

With cybersecurity emerging as a critical policy and economic concern in the European Union, we are poised to see varied funding opportunities to support the development of innovative solutions and their upscaling, the improvement of digital skills, and, at the national and local level, the implementation of cyber solutions.