Press release BoxID: 178551 (ENISA - European Network and Information Security Agency)
  • ENISA - European Network and Information Security Agency
  • P.O. Box 1309
  • 71001 Heraklion, Crete
  • Contact person
  • Ulf Bergström
  • +30 (694) 8460143

ENISA: Concerted EU efforts are needed to avoid a 'digital 9/11' and combat cyber threats

(PresseBox) (Heraklion, Crete, ) The EU Agency ENISA, the European Network and Information Security Agency, today highlighted key online security issues in Europe, showcasing how it helps to counter Cyber Attacks, Spam, and risks of online social networking. The EU Agency also underlined the EU Member States' imbalances in addressing security threats at a media briefing in Brussels, 27/5. ENISA concludes that Member States have a long way to go in safeguarding the EU's e-economy. Europe should not wait for a 'digital 9/11', but instead reduce imbalances in EU Members States' security approaches.

ENISA presented a summary of its 'General Report 2007' and showcased some of its activities. The Agency underlined the crucial importance of Network and Information Security (NIS) for the European economy, in particular in regards to the i2010 goals (

Today, 30% of global trade is 'digitally dependent'. Spam costs business about €64,5bn in 2007, double the 2005 figure (Source: Ferris). As only 6% of spam reaches mailboxes, the problem is perceived to be under control. However, it is growing in quantity, size and bandwidth and remains a costly problem (, with 94 % of spam being the invisible part of the 'ice-berg'.

The Agency highlighted its success in mitigating Cyber Attacks by supporting the set up of 'Computer Emergency Response Teams' (CERT), almost like 'digital fire brigades'. In 2005, only eight EU Member States had governmental CERTs, whereas in 2008 the number has almost doubled to 14 (, with ten more planned within the next one to two years. CERTs are key components in combating cyber attacks such as those in Estonia, or spam generated by 'botnets'; hijacked computers of which there are 6mn in Europe ( used by organised criminals for sending spam and committing online fraud.

At the same time, ENISA underlined a concerning imbalance in Member States' security measures. The Executive Director of ENISA, Mr Andrea Pirotti commented:

"Europe must take security threats more seriously and invest more resources in NIS. Therefore, ENISA calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done. The Member States should undertake concerted efforts to reduce the imbalances in security levels, with more cross-border cooperation. ENISA is confident that the need for secure networks to safeguard the European economy is a distinct driving force for Member States to cooperate more closely.", Mr Pirotti concluded.

The Agency stressed the risks of online social networking sites ( and recommended for example a review of the Regulatory Framework of Directive 2002/58 on privacy and electronic communications.

ENISA has produced a feasibility study on a European Information Sharing and Alert System ( for citizens and small business, with SMEs constituting 2/3 of the EU economy. ENISA has launched a three-year program as of the beginning of 2008 to improve resilience to public e-communication networks, for Member States to mitigate the risks of a digital 9/11.

Upcoming future threats and risks beyond 2008 were identified: e.g. fraud in virtual worlds, where assets are estimated to be between €64,5mn and €100mn (in 2006). The Agency will in 2008 issue various Position Papers with recommendations, e.g. on interoperable eID for Europe.The Agency is an Expert body, providing independent, expert advice to the EU and its Member States, in e.g. Risk Management/Assessment, Awareness Raising, security policies, resilience, etc.

General Report 2007- Executive Summary