EU Cyber Strategy

'We acknowledge the EU’s legitimate ambition to strengthen its cyber industrial base with a focus on emerging technologies. 

Cybersecurity has no borders. The threats facing Europe are global in nature, maintaining and improving international cooperation with public and private partners is and will remain essential to keep Europe safe, secure and resilient. This is equally true for financing research, development and innovation as well as for attracting foreign direct investment and for  promoting international trade in cyber technologies.

We are particularly pleased to see the EU standing up against cybersecurity being used as an excuse to raise trade barriers. We very much count on the EU and its Member States to lead by example in this respect. We look forward to being actively involved in the public-private dialogue on defining a ‘duty of care’ in cybersecurity. In particular, a dialogue on the conditions under which self-certification will be acceptable is needed. Cybersecurity is not static, it will develop over time as technologies evolve and new threats occur. This will be a defining element of the concept of ‘duty of care’. We believe that all players in the ecosystem have a shared responsibility, including not only technology vendors and service providers, but also users themselves.

We fully agree on the importance of developing cyber awareness and skills and are prepared to do industry’s fair share in that regard, provided that public actors can also second the necessary support and resources for initiatives such as awareness raising campaigns on cyber security best practices. The insurance industry for example is well placed to drive behavioural change in the market place. More consideration should be given to the important role of cyber insurance in expanding the adoption of best practices.'

Read full position.