Here’s the translated text into American English:
CybersecurityCybersecurity solutions are essential in today’s era… remains one of the top concerns for European companies, especially in light of the growing threats from data breaches and security failures among third parties. According to the latest SecurityScorecard report on the top 100 companies in Europe, the findings highlight significant risks in key sectors and expose the vulnerability of many organizations to cybercrime. Below are the key findings and a sector breakdown based on the report.
Key Findings
The report analyzes a variety of indicators to assess the state of cybersecurity among leading companies in Europe, including network security, patching applications, malware infections, endpoint security, and DNS health. Among the highlights are:
- 98% of companies affected by third-party data breaches: Almost all of the analyzed companies reported that, in the past year, one of their partners or suppliers suffered a breach that compromised data security.
- 18% of companies with direct breaches: Although third-party breaches present the greatest risk, a significant number of companies have also experienced security incidents within their own systems.
- Supply chains as primary targets: 75% of breaches related to third parties have affected software and technological supply chains, underscoring the importance of protecting these critical links. Incidents like SolarWinds and Log4j illustrate these vulnerabilities.
- Unequal impact by sector: The most critical sectors, such as energy, show significant security deficiencies, while transportation leads in resilience.
Sector Overview
The report provides a detailed analysis of the state of cybersecurity across sectors. Below are the main results:
1. Energy: The Most Vulnerable Sector
- 75% with critical or poor scores (C or lower): Companies in the energy sector face the highest cybersecurity risks.
- 25% with direct breaches: One in four companies in the sector has experienced significant security incidents.
- This sector is one of the most exposed to targeted attacks due to its critical role in national infrastructure and supply chains.
2. Transportation: A Leader in Security
- Overall high scores: No company in the sector received poor grades (D or F), highlighting its robust approach to cybersecurity measures.
- Despite advancements, active monitoring remains necessary due to the sector’s importance in global logistics.
3. Technology and Software: A Constant Target
- 75% of third-party breaches affect technology supply chains: Technology companies are the most frequently targeted due to their role as providers of critical services.
- Vulnerabilities in software like Log4j underscore the importance of reinforcing development and oversight processes.
4. Finance and Insurance: Under Pressure from New Regulations
- The implementation of NIS2 and DORA in January 2025 will be a turning point, requiring companies in the financial sector to strengthen their cybersecurity resilience.
- The regulations demand that companies comply with stricter standards regarding risk oversight, especially those related to third parties.
Sector Summary Table
| Sector | Companies with Critical Scores (%) | Direct Breaches (%) | Average Score |
|---|---|---|---|
| Energy | 75% | 25% | C |
| Transportation | 0% | 5% | A |
| Technology/Software | 50% | 15% | B |
| Finance and Insurance | 30% | 20% | B- |
A Changing Context: Regulations and Solutions
The SecurityScorecard report also highlights the impact of new European regulations, such as the NIS2 Directive and the DORA law. These regulations aim to strengthen cybersecurity and operational resilience in key sectors, including finance, insurance, and technology.
NIS2 and DORA: The Regulatory Shift
- NIS2: Establishes stricter standards for the protection of critical infrastructures.
- DORA: Requires mandatory audits for financial institutions, focusing on operational resilience against cyberattacks.
Conclusions
The cybersecurity landscape in Europe shows progress in some sectors, such as transportation, but also reveals critical vulnerabilities in others, particularly in energy and technology. Third-party data breaches are a growing concern, underscoring the need for stricter risk management across supply chains.
The implementation of regulations like NIS2 and DORA marks an important step toward a safer environment, but its success will depend on companies’ ability to adapt to these new requirements. Ensuring long-term security will require fostering collaboration across sectors, investing in advanced defense technologies, and establishing a culture of proactive cybersecurity.