The health and medicine sector are increasingly digitized, a trend that will accelerate with more widespread adoption of artificial intelligence, wearables and internet of things-based healthcare. Yet, this digital transformation carries notable cybersecurity threats. While there is ample...

As a continuation of the ENISA report Cybersecurity Education Initiatives in the EU Member States, ENISA aims to understand the maturity of cybersecurity in primary and secondary education in each MS to further allow the creation of specific material to support cybersecurity education according...

The increasing number of cyberattacks affecting digital products, coupled with widespread vulnerabilities and insufficient timely security updates, creates heavy financial burdens on society. In response, the European Commission has drafted the Cyber Resilience Act (CRA), a new proposal for...

Taking into account the main third-party cybersecurity assessments methodologies for ICT products and cloud services as well as the number of assessment bodies, the report presents the current state of play of cybersecurity assessments based on the past 5 years data. This study aims at analysing...

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends largely on the level of risk that EU Member States (MS)...

This report covers the topic of cybersecurity of Low Earth Orbit (LEO) constellations delivering telecommunications services (LEO satcom in short). The key specifics of an LEO satcom system may be summed up as (a) many assets forming the space and ground segments and (b) a worldwide distribution...

This paper examines the dispersion in cybersecurity risk across firms. Using new, proprietary data on the Fortune 500 firms, We show that higher productivity firms exhibit abnormal returns. We subsequently document three new facts: (a) higher productivity firms have fewer cybersecurity...

The aim of this paper is to analyze how effective internal audit of cybersecurity is. We developed a Cybersecurity Audit Index composed of three dimensions (planning, performing and reporting) to address this question. We hypothesize that CSA effectiveness is positively related to cyber risk...

In an earlier work entitled Regulating Cybersecurity, I argued that cyber defense should be understood not just as a matter for law enforcement and the armed forces, but as a regulatory problem in need of regulatory solutions. This companion article proposes a series of market-based responses to...

Every company is undoubtedly under attack from hackers. Many companies have suffered data breaches resulting from cybersecurity. In Britain and the United States, the legal privilege strategy has been developed to shield companies after a cyber-attack from tortious liability. However, unlike in...