--- Posted by Marina Nedelcheva, DG INFSO: Internet, Network and Information security unit, Workshop organiser at the Digital Agenda Assembly
ICT networks and services, and in particular the Internet, are a key driver for our economy and society. They bring immense economic opportunities and at the same time provide a vital public good. Given our growing dependence on the smooth functioning of these networks and services, ensuring their security and availability is of utmost importance for our society.
Enhancing the level of cybersecurity is everyone's responsibility and this poses certain governance challenges. States are ultimately responsible for defining policies for the protection of vital information infrastructures, such as the Internet, however, their implementation depends on the involvement of the private sector, which owns and manages a large number of these infrastructures. The level of security is also affected by the actions of individual end-users.
So one of the questions that emerge is what are the right incentives for stakeholders to invest in cybersecurity at a level which meets the public policy and public safety expectations.
At the moment, the answer to this question is not straightforward.
One of the reasons is the lack of trusted data on cyber security risks and their economic impact which makes it difficult to assess the economic benefits of possible investments.
It is also unclear how the roles and responsibilities of the different stakeholders are allocated along the digital value chain. This creates externalities arising from situations where those investing in cyber security are not necessarily the ones that will benefit from the investment.
To address these problems, the Commission proposed in the policy initiative on Critical Information Infrastructure Protection to create the proper social and economic incentives to strengthen security, resilience and preparedness across the European Union.
We will be discussing this issue at the Digital Agenda Assembly (#daa11eu) in a workshop entitled “Cybersecurity: barriers and incentives”.
You are invited to share your ideas about this workshop on this blog or on Twitter using the #daa11security hashtag.