During a parliamentary hearing, Juhan Lepassaar, the executive director of the European Union Agency for Cybersecurity, raised concerns about discrepancies in the allocation of funds by the European Commission.
Lepassaar pointed out that the commission’s funding allocation does not adequately reflect the increased cyber risks faced, especially after Russia’s invasion of Ukraine.
Despite the growing cyber threats, the commission has been reluctant to provide additional investments, citing the absence of new tasks.
Lepassaar highlighted the need for increased cybersecurity investments across EU organizations, emphasizing that the private sector allocates about 7% of its IT budget to cybersecurity, whereas the public sector, including the European Commission, allocates a much lower percentage.
Furthermore, Lepassaar expressed concerns about the funding shortfall being exacerbated by the commission’s new cyber legislative proposals.
These proposals could impose new operational requirements on ENISA (European Union Agency for Cybersecurity) without corresponding investment support.
The recently reached political agreement between the European Parliament and Council on enhancing cybersecurity requirements includes the Cyber Resilience Act and EU Cyber Solidarity Act.
Lepassaar argued that these acts introduce new tasks for ENISA without proper consultation or understanding of the resources needed to fulfill the organization’s responsibilities, creating challenges in adapting to the evolving cyberthreat landscape.
