Cybersecurity: why reducing the cost of cyberattacks matters

From stolen data to blocked hospital systems: cyberattacks can have perilous consequences. Learn more about cybersecurity and its importance.

Cyberattacks are on the rise. At best they are an inconvenience; at worst they put people's lives and livelihoods at risk.

The digital transformation of the economy and society has accelerated in recent years, creating opportunities as well as challenges such as cybersecurity. As our lives increasingly rely on digital technologies, cyberattack are becoming more costly. Cybersecurity has become very important and a key EU priority.

A heavy reliance on digital technologies

The areas that are most at risk of cyberattacks as they rely heavily on newtorks and information systems include transport, energy, healthcare, telecommunications and digital infrastructure, banks and financial markets, security, democratic processes, space and defence. Cybersecurity also involves personal devices, operating systems and devices connected to the internet, such as alarm systems and even new refrigerators.

The use of digital solutions has long been on the rise and teleworking, online shopping and keeping in touch online rose sharply during lockdown. These solutions can benefit consumers and support the economy and the post-Covid recovery. However, there has been a corresponding increase in malicious cyber activities.

22.3 billion

Estimate of the number internet of things devices in use by 2024


  • Cyberattacks are attempts to misuse information, by stealing, destroying or exposing it and they aim to disrupt or destroy computer systems and networks
  • Cybersecurity includes information and communication security, operational technology and the IT platforms required to ensure the safety of digital systems
  • Cyberdefence includes cybersecurity and threat analyses and strategies to protect against threats directed at citizens, institutions and governments

Cyber threats in the EU: personal and societal costs

Economic costs of cybercrime

Attackers may use phishing websites and emails with malicious links and attachments to steal banking information or blackmail organisations after blocking their IT systems and data.

A secure cyberspace is the basis for the EU's digital single market: enabling solutions and unlocking its full potential by making people confident online. According to an EU survey published in May 2022, 28% of European small and medium-sized enterprises experienced cybercrime in 2021.

Learn more about how to protect yourself from cybercrime

€5.5 trillion

Annual cost of cybercrime to the global economy in 2020, which is double that of 2015 (estimate by the European Commission)

Impact on democracy

The damage caused by cyberattacks goes beyond the economy and finance, affecting the very democratic foundations of the EU and threatening the basic functioning of society. For example, disinformation and misinformation campaigns are one of the tools of cyberwarfare. The Threat Landscape 2022 report by the EU Agency for Cybersecurity (Enisa) mentions bots pretending to be real people flooding government agencies with fake comments. The spread of deepfakes and AI-based disinformation weakens the credibility and trust in information, media and journalism.

Cyberattacks targeting peace and security

Cyberattacks, deployed with for example disinformation, economic pressure and conventional armed attacks, are testing the resilience of democratic states and institutions, directly targeting peace and security in the EU. According to Enisa, during the Russian war in Ukraine, cyberattacks are going hand in hand with conventional military action. Hackers aim to destroy and disrupt the functioning of governmental agencies and critical infrastructure entities, also to undermine public trust in the country’s leadership.

Consequences for essential services and critical sectors

Essential services and critical sectors such as transport, energy, health and finance, have become increasingly dependent on digital technologies. This, together with the increase in physical objects connected to the Internet of things, can have direct consequences, including making cybersecurity a matter of life and death.

From cyberattacks on hospitals, causing them to postpone urgent medical procedures, to attacks on power grids and water supply - attackers are threatening the supply of essential services. Cyberattacks can involve millions of people at the same time. For example, a ransomware hacker attack in May 2021 shut down most of Ireland’s health services for several hours, which had repercussions for weeks afterwards.  And as cars and homes become increasingly connected, they could be threatened or exploited in unforeseen ways.

EU measures to boost cybersecurity

Businesses and organisations in the EU spend significantly less on cybersecurity than their US counterparts. In order to ensure that hospitals, banks and energy providers are safe and our democracy and institutions are functioning well, the EU needs to invest in strong cybersecurity for essential services and critical infrastructure and upgrade EU-wide laws.

The European Union has been working to strengthen cybersecurity. In November 2022, Parliament adopted the directive on the security of network and information systems (NIS2), outlining comprehensive rules to strengthen EU-wide resilience. Also in November 2022, MEPs passed laws to increase the resilience of the EU’s financial sector to cyberattack with the digital operational resilience act (Dora).

Parliament gave its final approval to rules improving the protection of the EU’s essential infrastructure, including digital infrastructure, on 22 November 2022. The legislation tightens the risk assessments and reporting requirements for critical organisations in 11 essential sectors.

Check out more on how the EU shapes the digital world