Top 5 Cyber Security Trends in Europe
At IDC’s UK & Ireland Security Summit 2023, on April 17, 2022, 60 security leaders from across the UK and Ireland discussed the key theme of the event — “Security Strategy 2023: Managing Risk to Enable Digital Business”.
The summit featured an impressive panel of speakers from our partners and the CISO community, complemented by insights from IDC’s European Security and Privacy team. Based on the presentations, workshops, and roundtable discussions from over 20 sessions, our top five European cyber security trends are as follows:
- Threat Landscape
Security practitioners are aware that their attack surfaces are expanding due to digital transformation, remote work, IoT and mobile adoption, and an increasing reliance upon the Web for conducting all aspects of a business. Cyber threats facing organizations are diverse and fast-changing. The ability to understand and mitigate risk depends upon having a clear view on the complexity and dynamic nature of the threat landscape. Who might the threat actors be? How are they trading in terms of selling enterprises’ credentials and vulnerabilities? Employees and contractors at organizations continue to be a point of entry for successful cybercrime. This may be credential theft or more simply end users clicking on malicious links. Standards for security hygiene must be continually assessed and addressed; for example, avoidance of the use of guessable password formats, conducting regular back-ups on different mediums including immutable data back-up and limiting the use of unsanctioned IT or Bring Your Own Device (BYOD).
Businesses should challenge the security industry on how technology vendors and MSSPs can drive security behind the scenes, so that malicious URLs and emails do not appear in the inbox or browser in the first place. Thus, security should become more invisible and frictionless.
- The Evolving Security Leadership Role
IDC sees the CISO role as a communications conduit to the board and the C-Suite on strategic security topics. It has become important for security leaders to have expanded skills broader than the technicalities of security. The modern CISO needs the capability to understand the overall business strategy and direction: inevitably this will include digital transformation or digital business elements. The CISO must ensure that security outcomes delivered are consistent with business strategy and digital initiatives.
- The Importance of Cyber Crisis Readiness
A senior speaker from a European government national defence agency highlighted how demonstrations of crisis response during a major global sporting occasion were a valuable exercise, as they gave leaders first-hand experience of how the response to a crisis is handled in a realistic scenario. In this example the crisis response group brought in senior government officials to witness crisis response activities. Major cyber-attacks on critical national infrastructure have become national security events, and predetermined crisis centres are essential to give the most effective response to serious incidents. The key takeaway is that security leaders should explore bringing the C-suite and Board into cyber crisis simulation “rooms” to imitate a major attack and use this to critically evaluate responses amongst the executive leadership, as well as build in muscle memory so that appropriate responses are more automatic.
- Generative AI
It’s agreed that generative AI will have a transformative effect across all aspects of the technology industry, including cyber security. Generative AI is already a major issue as far as cybersecurity is concerned, with generative AI, for example, making phishing attacks much harder to detect. Businesses and governments should be encouraged to move quickly in understanding and responding to these new threats. Unskilled would-be cyber criminals can potentially create malware code using OpenAI, and thus the barriers for entry are now lower than ever, which is driving up the number of potential threat actors and cyber-attack volumes. On the other hand, the application of generative AI can help security teams build up their defences, by applying generative AI to SOC automation and SIEM/SOAR triage.
- Security Skills Shortages and Lack of Diversity
There continues to be a major skills shortage in cybersecurity that’s been around for a decade. There are initiatives in place to address this, but organizations must do more to address the skills shortage and lack of diversity. MSSPs and security technology vendors should lead on up-skilling and diversity in the industry, by driving training programs, internal skills transfer programs, and efforts to encourage and motivate a more diverse workplace.
The Future of Rail and Air Travel Is Digital
Railways are becoming increasingly strategic. They are more energy efficient and pollute less than private vehicles, and they are 15 to 20 times safer than cars.
Compared with private vehicles, they do not entail any fixed cost for travellers. No wonder governments around the world are making huge investments in rail. For instance, 21 out of 27 EU member state national recovery plans have allocated billions to invest in electrification and modernisation of rail infrastructure. President Biden’s Bipartisan Infrastructure Law has nearly tripled funding for rail infrastructure — to $1 billion a year for the next five years.
Airlines struggled to survive when COVID reduced traffic to unprecedented levels. Fuel price increases and labour shortages compounded the effect of COVID by creating the urgency to profoundly rethink business and operating models, while regulators and passengers demand accelerated investment in environmental sustainability, such as more fuel-efficient traffic management, more sustainable fuels and, in the future, zero-emission aviation.
Both industries have reached an inflection point. Hiring more people and growing the size of fleets and number of routes will not be enough to increase capacity utilisation and offer more competitive and personalised services, while maintaining high safety standards and improving environmental sustainability. Achieving those strategic goals will require railway and airline executives to invest in technology innovation.
Bold Ambition for the Future Will Depend on Realising the Value of Technology Innovation
Railways and airlines have invested in technology for many years to deploy digital customer experience capabilities, such as loyalty programmes, self-service booking and mobile payments, intelligent asset and fleet management capabilities to enhance operational excellence, and scheduling of routes and dispatch to bring together high-capacity utilisation and safety.
However, our recent studies show that they are not standing still. They are now looking at the next generation of technologies, such as 5G, artificial intelligence and machine learning, IoT and edge computing, augmented and virtual reality, even quantum computing for traffic optimisation. They are not doing so for the sake of technology, but to achieve four interdependent strategic business goals:
- Increase operational efficiency, while targeting net-zero impact
- Increase capacity utilisation by combining intelligent scheduling, dispatch and traffic control systems to increase frequency of travel and smart predictive operations to help prevent delays and disruptions
- Ensure that efficiency goes hand in hand with safety and security, even with higher utilisation rates thanks to digitally enabled physical security systems, regulatory compliance of operations and cybersecurity
- Increase revenue growth through innovative service offerings, often by making their services and hubs — stations and airports — the anchors of a mobility-as-a-service ecosystem
To empower railway and airline executives to make strategic choices about next-generation technology investments, implement new organisational competencies and capacities that accelerate technology investment benefit realisation, and select tech partners that understand the technical and business evolution of their industry, IDC has launched new research on railways and airlines and transportation hubs.
Stay tuned for upcoming research on topics such as ticketing and revenue management, digital twins for intelligent operations, 5G and cybersecurity.
Getting Ready for ESG Reporting: Are You Afraid of CSRD?
In Europe, the primary driver for corporate sustainability initiatives is the EU’s Corporate Sustainability Reporting Directive (CSRD). It came into force in January 2023 at EU level and must be transposed into national law in all EU countries within 18 months (by mid-2024).
The EU CSRD aims to improve transparency and accountability around corporate sustainability performance. It also aims to accelerate the integration of environmental, social and governance (ESG) considerations into corporate business practices to support the transition to a more sustainable, inclusive economy.
From 2025, those companies already subject to the Non-Financial Reporting Directive (NFRD) — around 10,000 in Europe — will have to report on a variety of sustainability indicators for their FY24. In the following years, the CSRD will be widened to cover around 50,000 companies — all those listed on EU regulated markets with more than 250 employees, more than €40 million in revenues and/or more than €20 million in total assets. The directive also covers non-EU companies with operations in the EU.
The key differences to previous laws are:
- The introduction of standardised, mandatory sustainability metrics on companies’ policies, risks, impacts and outcomes relating to ESG issues
- The mandate to consider double materiality, i.e., identifying all potential negative and positive impacts on people and environment connected with a company’s own operations and its value chain
- The requirement that reported information is audited
- The requirement that reported information is digitally tagged to feed into a European single access point
Non-compliance can lead to sanctions and financial penalties, but also reputational damage.
Our recent surveys have revealed that most companies are in the very early stages of being able to meet these requirements. The measurement of value chain sustainability performance (including Scope 3 emissions and product life-cycle assessments) is very complex and requires the creation of new KPIs and respective data architectures that enable continuous data collection and analysis, real-time monitoring, automated performance reporting, and data assurance.
Will CSRD Legislation Lead to the Same Last-Minute Rush and Soar in Penalties as with GDPR?
Remember when the GDPR came into effect in May 2018? Shortly before, there was a great rush as organisations prepared for compliance. Why? Because of the threat of severe penalties. And penalties were imposed: since its launch, hundreds of millions of euros of fines have been handed out by data protection authorities around Europe. In 2019, those fines totalled €73 million, rising to €172 million in 2020 and €1.3 billion in 2021 (source: enforcementtracker.com).
As with GDPR, CSRD legislation replaces older laws with new, stricter and better enforced legislation. While they are EU directives, both GDPR and CSRD have “extraterritoriality” enforcement, meaning regulators can fine organisations anywhere in the world if they have operations in the EU and do not comply.
The risks of not being prepared for CSRD are significant. If member states implement similar penalties or sanctions as for financial reporting legislation, organisations could face legal sanctions (imprisonment or disqualification of company directors), public reprimands or penalties, depending on the country-specific enactment.
Non-compliance could also result in reputational damage, loss of stakeholder confidence, allegations of greenwashing and legal action from non-governmental entities such as climate activists.
And it’s not just the CSRD. The EU is also working on a Supply Chain Due Diligence Directive that aims to mitigate the adverse impact of governance, environmental and human rights risks in the value chain of companies selling products within the EU. Many national governing bodies are implementing or tightening mandatory carbon emission and other sustainability regulations.
Investing now in efforts to prepare data collection, analysis and reporting capabilities will keep an organisation ahead of the curve as CSRD and other new sustainability regulations are put in place.
Reporting compliance and impacts on risk management are one thing. Forward-looking companies are going further and are acting on the metrics. They are developing disruptive strategies and road maps for sustainable business transformation that redesigns end-to-end value chains and breaks up traditional industry models.
Circular (instead of linear) economy approaches are emerging, innovation is sustainability driven and products and services are becoming “sustainable by design”. Those approaches — not yet widely seen — are the basis for future-proof organisations that will have a much lower risk profile, greater resilience and long-term strategic growth potential. And they won’t have to fear sustainability regulations.
Key Sustainability Takeaways from the 2023 Hannover Messe
Sustainability was centre stage at the recent Hannover Messe, which was attended by more than 4,000 companies including the biggest and emerging technology vendors. This year, the focus was on technologies to support sustainable and climate neutral operations. Here are my main takeaways:
- Energy and resource efficiency: you can’t improve what you don’t measure. Given the ongoing energy crisis, companies are scrambling to seek new approaches to optimise their energy use. We estimate that more than 40% of manufacturers worldwide consider high energy costs a top 3 driver for investing in sustainability initiatives.
Several executives I spoke with said that till a few years ago companies did not focus much on where energy is used, how it is used and how much of it is wasted, but things are very different now. Several energy management solutions that can capture and analyse usage from end to end, while being scalable, can provide manufacturers with this level of visibility.
We estimate that close to 9 in 10 manufacturers globally have already invested in a resource or energy management system or plan to do so in the next 12 to 18 months.
- Tackling scope 3 emissions: collaboration is key. Regulatory and customer pressure are driving companies to look at their carbon footprint in a holistic way. On the regulation side, the EU Corporate Sustainability Reporting Directive (CSRD) recently came into force, requiring 50,000 companies to disclose sustainability-related information in their management reports.
Also, customers increasingly prefer to do business with suppliers with solid sustainability credentials. We estimate that 40% of companies worldwide consider more stringent requirements from customers (i.e., in RFQs) a key driver for investing in sustainability projects.
To manage and accurately report emissions data, cloud-based platforms that can contextualise, analyse and share sustainability-related data are becoming indispensable. In the same way, open and collaborative data ecosystems such as Catena X (in automotive value chains) enable the sharing of emissions-related data in a transparent and trustworthy way.
At Hannover, there were discussions on how this framework is being extended to the broader manufacturing sector (Manufacturing X) to create an interoperable ecosystem that supports resilient and sustainable manufacturing across all industries. Enabling manufacturers to track and manage their scope 3 emissions can have a real impact on achieving their net-zero targets.
- Circularity is driving sustainable innovation in manufacturing. A shortage of raw materials such as rare earths, as well as dealing with waste (including electronic waste), are also accelerating the shift to more circular business models. At Hannover, there was a lot of focus on battery production with tech vendors showcasing their solutions for end-to-end manufacturing from design with circularity in mind, enabling cost-effective and high-yield production, and their eventual recovery and remanufacturing.
We are also one step closer to the EU battery passport, with the first publicly available content guidance unveiled at Hannover, providing indications on how to comply with the EU Battery Regulation, which advocates for more sustainable and circular battery production.
- Thoughts for the future: what the industrial metaverse and generative AI mean for sustainability. Several companies showcased their value propositions in the industrial metaverse with initial use cases focused on worker augmentation and training and remote maintenance. It will be interesting to see more use cases for sustainability in future.
I also expect generative AI to gain more visibility at next year’s fair, having seen several examples of how it facilitates “interactions” with machines and increases worker productivity. In the near future, it will be great to see how it helps drive sustainability initiatives such as designing circular products or helping companies interpret complex ESG regulations.
IDC’s Manufacturing Insights team has prepared a list of 10 key trends from Hannover, including sustainability themes. Please get in touch, as the team will be happy to share our key takeaways with you.