With more personal information stored digitally all the time, cybercrime is now a highly organised industry that is, in effect, also a global 'rent a hacker' black market. It offers massive profits to those who make a living from undermining the personal security and privacy of others.
This is an unfortunate reality. Its scale is alarming and the problem is growing.
While not always carried out for profit, a cyber-attack happens every minute somewhere in the world. More than 150,000 viruses and other types of malicious code are in circulation. At least a million people are victims of cybercrime daily, although it is also thought that many attacks go unnoticed.
Attacks against companies can generate many millions in costs, not to mention the catastrophic market loss and reputational damage. The devastating digital attack on Sony Pictures in late 2014 showed that our systems are still vulnerable.
Unsurprisingly, security against such incidents has become central to consumer confidence and the online economy. People are naturally concerned by the risks: a survey published this year showed that 85% of internet users across the EU thought the risk of becoming a victim of cybercrime is increasing.
We cannot get the best out of the opportunities offered by digital tools and online networks if we do not trust them. People will hesitate to use e-services if they are not confident that they are reliable, safe and secure. They may actually choose not to use them at all.
We have to stay one step ahead, to be ready to anticipate and respond to new security challenges. Just as importantly, we have to be constantly on guard and aware of potential as well as actual threats.
The same survey showed that only 47% of Europeans feel well informed about the risks of cybercrime.
Raising awareness of the risks and threats, as well as the fact that cybersecurity is a shared responsibility, are the main objectives of a campaign to be held across Europe throughout October: European Cybersecurity Month. In some 150 different events being organised in more than 25 countries, people will be able to learn more about online security and how to secure data and information online to protect against threat.
Building trust and confidence in the online environment and fighting cybercrime also requires strengthening cybersecurity activities in general.
Here, the European Union already works on a number of fronts, from promoting a better internet for children to bolstering international cooperation on cybersecurity as a way to fight cybercrime. However, since we have to be tough against the rising attacks in such an important and sensitive area, the legislation has to be tough as well.
The EU's directive on attacks against information systems, for example, came into force in 2013 and is designed to help EU countries deal with large-scale attacks against businesses and government organisations. It penalises illegal access, system and data interference, among other areas.
We are progressing well with the reform of the EU's rules on data protection, which will strengthen legal certainty and trust in the digital marketplace. I very much hope this will be in place by the end of the year; it will be the first step in our Digital Single Market (DSM) strategy to align the EU's different national rules and also increase trust in digital services.
This will be followed by a reform of the ePrivacy directive to ensure a high degree of privacy protection for individuals using communication services, regardless of the technologies used.
Another urgent objective is to finalise negotiations on the network and information security directive. It is vital to get this agreed and in place as soon as possible, something which EU leaders themselves called for back in June.
The directive will be the first comprehensive piece of EU legislation on cybersecurity and a fundamental building block for our future work.
Once in place, it will require companies in critical sectors – such as energy, transport, banking and health – to adopt risk management practices and report major incidents that can affect the DSM to their national authorities which will, in turn, be able to carry out more capacity-building with better cross-border cooperation inside the EU.
Cybersecurity is the first line of defence against cybercrime, which is by its very nature borderless, flexible and innovative. These days, cybercriminals are only limited by their imagination, so we have to be able to match and anticipate their ingenuity.
Raising awareness is already a great step forward - and so I wish the European Cybersecurity Month campaign every success - because then, when they are online, people can make better informed choices and guard against risks.
Cybersecurity is a matter for everyone, a shared responsibility. Like the internet itself, cyber-attacks do not recognise borders.
We are all in this together and need to help each other to fight a negative global phenomenon.
Another blog soon.