The CRA and the New EU Cybersecurity Architecture

May 23, 2024

By Gaelle Le Gars, asvin GmbH

As we approach the end of the Von der Leyen Commission's mandate, now feels like the appropriate time to review just how much the EU regulatory landscape has changed in the last four years and how these new rules will materialise as they come into effect.

To set the scene, here is a quick reminder of the size of the problem we are all dealing with. In 2020, according to figures quoted by ENISA, the cost of cybercrime to the global economy was €5.5 trillion. Also in 2020, a first NIST estimate for the cost of cybercrime to the US economy placed it in the range of 1% to 4% of its GDP. For 2024, most estimates hover around 10 trillion USD, or approximately 10% of global GDP. Compare this to the size of the cybersecurity market, estimated somewhere around half a billion. All these figures are very broad estimates because – problem number one – we lack an agreed-upon definition for cybercrime. The latest attempt at a UN Treaty on Cybercrime appears to be stalling on this very point.

Yet most of us, personally or professionally, have already experienced cybercrime first-hand. Several recent global surveys reported that 60% or more of organisations surveyed had experienced one or more cyber-attacks in the year prior, but only half of those had reported the cyber-incident to the relevant authority.
