Innovation in cybersecurity is a key enabler to facilitate progress in the NIS industry, boost employment in the cybersecurity sector and growth of EU GDP. ENISA published a report that analyses the current landscape for supporting innovation in cybersecurity in the EU.
The study presents good practices and challenges from the Member States whilst trying to execute innovation as a strategic priority of their National Cyber Security Strategies (NCCS).
“The CSA, the NIS Directive and the GDPR incentivised innovation in relevant areas of cybersecurity and data protection. To encounter current and emerging cybersecurity risks and threats, EU Member States need to strengthen and adjust their national capabilities by developing innovative solutions and objectives under their NCSS,” said Juhan Lepassaar, Executive Director of ENISA.
Different approaches to innovation
Member States follow different approaches to support innovation in the context of National Cyber Security Strategies. In some cases, Member States promote the creation of new skills and capabilities around digital competences.
In other cases, they create networks of stakeholders giving them a mandate on innovation. These networks are either government driven, such as INCIBE, the National Cybersecurity Agency in Spain or industry driven, such as Cyber Ireland. Innovation activities are also driven by national institutions and research centres such as NASK Poland.
Governments should align with industry needs
There is difficulty for governments to understand the needs of the industry, as well as to develop expertise in dealing with Public Private Partnerships.
To align with industry needs and identify opportunities for adopting or commercialising research outcomes, Member States need to involve industry directly in research and innovation activities.
Sector specific innovation priorities are needed
Dedicated funding mechanisms and initiatives often focus on varied research and innovative objectives rather than being specific on cybersecurity. Supporting and developing sector specific innovation priorities is important for coordinating alternative funding mechanisms and develop a sectorial approach to innovation in cybersecurity.
It is necessary to take into account different cybersecurity needs across sectors and develop sector specific innovation priorities both at National and EU level.
Lengthy procurement processes
Lengthy procurement processes prevent SMEs and innovative companies such as start-ups to offer their services to the public sectors. Supporting adequate level of funding and providing economic incentives such as tax incentives may accelerate the adoption of new technologies, products and services.
The Swedish Innovation Agency allocates a large amount of funds for innovation in cybersecurity.
Geographical clusters support innovation
Geographical clusters are important mechanisms that support innovation. There are several initiative that bring people together, such as the Brussels initiative on Cybersecurity Innovation.
How to enhance trust for users
Promoting EU level certification of services/products would enhance trust for users within the EU and provide a stamp of approval for international markets.