Cybersecurity Perspectives: Europe vs. USA

The tsunami of cybersecurity threats continues unabated; ransomware, phishing and data theft, to name but a few examples of cyber-attacks, continue to cost companies across the globe millions in lost revenue, data loss and ransom.

While this is a global phenomenon, there are some nuances in how individual countries approach the thorny cybersecurity issue.

We’ve teamed up with Vation Ventures for an insightful content series, diving deeper into the trends furthering innovation across the industry. Through leveraging research and tapping into our combined ecosystems, this series provides a unique opportunity to hear from innovation experts. Here is a look at how Europe and the USA view the cyber threat landscape.

Cybersecurity Awareness Month

Cybersecurity & Infrastructure Security AgencyCybersecurity awareness month is celebrated in Europe and in the USA every year, during the month of October. This year, National Cybersecurity Awareness Month (NCSAM) in the USA, reaches its eighteenth year of educating organisations on cybersecurity issues. The 2022 theme is “See Yourself in Cyber,” highlighting how cybersecurity, however complex, is all about people and human behaviour, a fundamental building block to ensuring a solid security posture.

European Cyber Security Month is celebrating its tenth anniversary in 2022. Like the NCSAM, the ECSM has themes; in 2022, the focus is phishing and ransomware.

Cybersecurity in Europe

Top priorities

The EU’s cybersecurity awareness month focuses on phishing and ransomware for a reason – they are top priorities across the region. The European Union (EU) intends to invest 1.6 billion euros in cybersecurity through to 2027, as part of the “Digital Europe Programme.”

Cybersecurity in the US

Top priorities

The FBI identified that ransomware attacks affected 649 critical infrastructures in 2021. In May 2022, the Cybersecurity & Infrastructure Security Agency (CISA) placed the protection of Critical Infrastructures as a top priority.

Top Cyber Threats

Top cyber threats in Europe and in the USA include:

EuropeUSA
Ransomware: ENISA described ransomware in 2022 as becoming “more efficient and causing more devastating attacks.”The expanded surface: The attack surface increased with the explosion of cloud computing, edge devices, and remote working.
Supply chain attacks: A report on supply chain attacks advised organisations must update their defenses to match the rise in frequency and complexity of supply chain cyber-attacks.Identity and fraud: Identity-based fraud is becoming a focal point for cyber-attacks. The Federal Trade Commission (FTC) recorded 2.8 million consumer fraud incidents in 2021.
Phishing: research shows that phishing continues to be a severe threat to the enterprise.The connected car: As autonomous and connected vehicles become popular in the USA, automotive hacking is expected to become an increasing problem.

Most popular emerging technologies

Some of the most popular emerging technologies in the USA and in Europe are:

EuropeUSA
Robust Know Your Customer (KYC and identity verification): KYC checks provide a mechanism to prevent identity fraud.Zero Trust: Identity-centric zero trust or Zero Trust Network Access (ZTNA) offer a way to control access across expanded networks.
Emerging disruptive technologies (EDTs): ENISA has published a report, "Artificial Cybersecurity Challenges" on the potential of AI used as an attack mechanism and an EDT.Robust Know Your Customer (KYC and identity verification): KYC checks provide a backbone mechanism to prevent identity fraud.
Quantum computing and security: the EU project OpenQKD is developing standards to deliver the framework for a quantum-secure future.Behavioral analytics and XDR: UEBA (user and entity behavioral analytics) uses machine learning to spot anomalies against a baseline of expected behavior by people and devices.

Innovation has an important role in enabling business to keep up with the fast evolving cyber threat landscape. In its annual CXO survey, Vation Ventures, a leading innovation consulting and research firm, provides some insights into the acceptance of emerging technologies for Cybersecurity:

97% of CXOs surveyed said their current focus on emerging technologies was in the cybersecurity area. CXOs identified endpoint and email security as the top two measures deployed (85% and 81%, respectively), with identity management coming in a close third (70%).

Differences in approach: privacy and security legislation

The EU has harmonized its approach to digital privacy rights through the General Data Protection Regulation (GDPR). This regulation applies to all EU states. However, the geographic scope of the GDPR is not confined to EU states; GDPR rules apply to any organization dealing with an EU citizen.

The USA has a more mosaic approach to privacy, working at the state level. The most mature privacy legislation in the USA is the California Consumer Privacy Act (CCPA). Less stringent than GDPR,  the CCPA is expected to be updated in January 2023.

The EU has a harmonized approach to security legislation that applies across all EU states. The USA has until recently had a state-level or industry-specific approach to cybersecurity legislation.

What does the future of cybersecurity look like across the EU and the US?

The USA and the EU often find common ground for cooperation. In 2021, a joint US-EU statement was published stating they would work together to prevent ransomware attacks.

As we head towards 2023, although cyber-attacks will continue to challenge organisations in Europe and in the USA, collaboration between countries and sharing of threat intelligence will help mitigate cybercrime. Let’s work together to help stem this damaging tide by raising awareness and promoting cyber hygiene.