Share This Article
We trace the regulatory evolution of cybersecurity in Europe, from the first NIS Directive to the most recent legislative proposals on the subject as part of our series of articles named CyberEurope.
“Cybersecurity,” in its most common meaning, means the activity of analyzing and detecting cyber threats, and taking appropriate prevention and countermeasures to ensure the security of information systems.
Precisely the pervasiveness of information and communication technologies (ICTs), the driving force behind the economic and social development of modern societies, has been accompanied in recent years by an increasing exposure of systems and infrastructure to increasingly sophisticated and lethal cyber attacks.
According to the Clusit 2023 report, a 60 percent growth in attacks has been noted from 2018 to 2022, not only in number but also in severity, with large-scale economic impacts. While globally the great powers remain the main target of cyber criminals, countries like Italy remain in its own small way one of the most vulnerable countries to cyber attacks. In 2022 alone, Italy was the victim of 7.6 percent of the attacks that occurred worldwide, which resulted in an average cost of 3 million euros for the Italian companies that suffered them, according to a study by IBM.
The need to prevent and counter cyber threats in a coordinated manner has been placed high on the European Unionโs legislative agenda, with the result that since 2016 to date there has been an exponential expansion of the regulatory framework on cybersecurity.
Two regulations, two directives, a long list of national implementing decrees, and a number of legislative proposals under discussion now represent the articulated framework of rules intended to regulate – horizontally and vertically for some sectors – the security of information systems.
Therefore, in light of the complexity and now breadth of the legislation on the subject, to bring some order below we retrace through a timeline the evolution of the cybersecurity regulatory framework (already in force or still in the process of adoption) in the European legal system and offer a concise overview of the overall framework of emerging provisions.
On a similar topic, you can find the following article interesting โA cyber due diligence might save your deal!โ.
Photo by Shahadat Rahman on Unsplash
