Citizens turn to the European Parliament to ask what the EU is doing to combat cybercrime. Over recent years, cybercrime has been a growing threat to the EU: it is estimated to have increased fivefold from 2013 to 2017. The most prominent types of cybercrime are attacks against information technology (IT) systems, online fraud (including phishing and identity theft), and illegal online content (including incitement to terrorism and child sexual abuse). With an increasing reliance on the internet due to the measures taken against the coronavirus, specific crimes targeting citizens’ fears about the pandemic have also increased. However, cyber-attacks are not exclusively conducted with a criminal intent. Increasingly, they have played a role in what is known as hybrid warfare, taking the shape of disinformation attacks to influence democratic processes. As borders do not limit cybercrime, it is essential for the European Union to develop a common approach in order to complement the national capabilities of EU countries that primarily address these issues.
To achieve this, the European Union Agency for Cybersecurity (ENISA) was established in 2004. It cooperates with EU countries and institutions and helps to make the EU more resilient against cyber-attacks, in particular by contributing to cyber policy, operational cooperation and capacity building. Current key topics include fostering cloud computing security, ensuring the robustness of critical infrastructure against attacks as well as providing resources regarding the cybersecurity issues brought on by the coronavirus.
Additionally, the European Union’s law enforcement agency Europol established the European Cybercrime Centre (EC3) in 2013, to ‘help protect European citizens, businesses and governments from online crime’. It has since been involved in high-profile operations as well as on-the-spot operational support, and also made cybercrime one of its priority areas from 2018‑2021.
European Parliament actions
Given this increase in the frequency of cybercrime and the growing digital connectedness of the EU, a 2019 Regulation on cybersecurity (replacing the 2013 Cybersecurity Act) aims at ensuring the proper functioning of the internal market and a high level of cybersecurity, cyber resilience and trust within the Union. In the course of adopting the regulation, the European Parliament highlighted the importance of a common response to cyber-attacks, helped by expertise provided through the European Union Agency for Cybersecurity. This is also meant to facilitate operational cooperation between EU countries.
The European Parliament had previously adopted a resolution on the fight against cybercrime in October 2017, where it underlined that fighting cybercrime should be first and foremost about safeguarding and hardening critical infrastructures and other networked devices and not only pursuing repressive measures.
EU cybersecurity strategy
In December 2020, the Commission presented a new cybersecurity strategy. The strategy aims to bolster Europe’s collective resilience against cyber threats. Specifically, the Commission put forward legislative proposals on the security of network and information systems and on the protection of critical infrastructure. Both proposals aim to address both cyber and physical resilience of critical entities and networks: the European Parliament and EU countries are working on these proposals.
Other measures taken by the EU
In May 2019, the EU countries established a sanctions framework for cyber-attacks originating outside the EU, which enables them to place sanctions on perpetrators of cybercrime and can act as a deterrent by increasing the consequences of conducting a cyber-attack against EU countries or international organisations.
- Cyber: How big is the threat?, European Parliamentary Research Service, At a Glance, July 2019
- Internet Organised Crime Threat Assessment (IOCTA) 2020, Europol, Report, October 2020
- Understanding the EU response to organised crime, European Parliamentary Research Service, Briefing, September 2020
- The EU’s Cybersecurity Strategy in the Digital Decade, European Commission, Factsheet, December 2020
- Cybersecurity: how the EU tackles cyber threats, Council of the European Union
Keep sending your questions to the Citizens’ Enquiries Unit (Ask EP)! We reply in the EU language that you use to write to us.