The number of cyber-attacks around the world exploded in 2020: exploiting the Covid-19 pandemic as an opportunity for cybercriminals to take advantage of the shift in focus towards smart working and hospital staff transferred to the frontline.
As the number of cyber-attacks grows annually, European Member States are called upon to take concrete actions to significantly increase cybersecurity awareness amongst citizens. To be successful, it is essential that awareness-raising, guidelines and training are fully incorporated in their national cybersecurity strategies.
It was in this context that the EU Agency for Cybersecurity, ENISA, organised the 9th National Cybersecurity Strategies (NCSS) workshop on good practices for awareness-raising and capacity-building amongst citizens, spotlighting a report entitled Raising awareness as a key element of National Cybersecurity Strategies. The workshop also featured the National Capabilities Assessment Framework (NCAF) tool and the development of a European Information Hub framework.
The report, which thoroughly assesses Member States’ national awareness activities and plans, is aimed at supporting their efforts to further build their cybersecurity capacities based on best practices. The deep dive on methodologies and approaches used by Member States covers planning, awareness-raising activities, performance indicators and impact. It also includes twenty structured interviews with national authorities conducted between May and July 2021.
The report targets the following stakeholders:
Summary of the Recommendations
Recommendations revolve around good practices, challenges and lessons learnt, showing Member States how to increase the effectiveness of national awareness-raising activities. The recommendations are based on the following four axes:
#1 Building capacities for cybersecurity awareness through national cybersecurity strategies (NCSS): Facilitate stakeholders towards understanding the scope and the necessity of cybersecurity awareness-raising, specifying the main goals and who it applies to.
#2 Making regular assessments of cybersecurity trends and challenges: Conduct analyses and reports of the threat environment. Ensure steps are taken towards a higher degree of awareness with the wider public top of mind.
#3 Measuring cybersecurity behaviour: Provide for a quantitative measurement for cybersecurity, taking into account the mindsets and behavioural patterns of EU citizens on cybersecurity.
#4 Planning for cybersecurity awareness campaigns: Enable appropriate messaging in a professional manner.