European Cybersecurity Reflections 2024

European Cybersecurity Reflections 2024

Posted on By rehan.rafique No Comments on European Cybersecurity Reflections 2024

This time of year is perfect for reflection—looking back at the challenges and successes of 2024 while anticipating the opportunities and changes that 2025 will bring. As we prepare to enjoy the holidays with family and friends, celebrating with cozy gatherings, delicious food, and cheerful toasts to the new year, we’d like to take a moment to share our reflections on what shaped European cybersecurity, risk, and privacy markets over the past year.

A year of legislative transformation

2024 was marked by a flurry of legislative activity in the European Union, particularly in cybersecurity, risk, privacy, and artificial intelligence. Key highlights include:

  • Digital Services Act (DSA) & Digital Markets Act (DMA): These regulations took effect, aiming to create balanced digital ecosystems that foster innovation while protecting consumer rights.
  • NIS2 Directive: By October 17, 2024, EU member states were required to transpose this directive into national law to strengthen the resilience of critical infrastructure. Unfortunately, delays remain in most countries. Currently only Belgium, Italy, Latvia, Lithuania, Hungary and Croatia have transposed the Directive into national laws.
  • Cyber Resilience Act: Adopted by the Council, this act will start applying 36 months after its entry into force, with select provisions taking effect earlier.  While obligations regarding reporting for vulnerabilities kick in, in 2026 organizations should start investigating the impact of the act in 2025.
  • ePrivacy Regulation: Still in draft form, this legislation is intended to complement the GDPR, providing specific rules for electronic communications.
  • EU AI Act: Formally adopted in May, this regulation paves the way for the responsible development and deployment of artificial intelligence. Read in our predictions what we expect when it comes to 2025.
  • Digital Operational Resilience Act (DORA): The financial sector focused heavily on preparing for compliance with DORA, which takes effect in January 2025.

2024 was a significant year for European cybersecurity regulations. Going into 2025, the focus will be on implementation of this avalanche of regulation. We also expect to see this regulation play a role in shaping the global agenda for cyber regulation and what the outline of AI regulation should look like. Many will see the European regulation as strangling innovation and miring European enterprises in red tape – others will see it as a model for how to regulate cyber and AI.

Geopolitical tensions and cyber warfare

Geopolitical tensions escalated in 2024, amplifying cyber threats:

  • State-Sponsored Attacks: Energy grids, healthcare systems, and transportation networks faced growing risks from nation-state attackers. Examples in 2024 have included a cyberattack on Germany’s main opposition party in June shortly before the European Parliament elections and a major ransomware attack in Romania that took down 25 hospitals.  Suspicions coalesce around the typical state sponsored threat actors associated with China, Iran, Russia, North Korea and other malign non-state threat actors.
  • Hybrid Warfare: Cyberattacks were integrated into misinformation campaigns and other hybrid tactics, such as the recent interference in elections in Romania and Moldova attributed to Russian Hybrid Warfare tactics. Also expect further curious “accidents” impacting undersea cables in sensitive areas like the Baltic Sea to continue in 2025.
  • EU Cyber Defense Initiatives: The EU reinforced its Joint Cyber Unit and expanded collaborative efforts, including Cyber Rapid Response Teams (CRRTs), to combat these threats. With a more uncertain commitment to European defence from the incoming US administration, expect more to be spent bolstering EU cyber defences in 2025 and beyond.

The evolving role of the CISO
Over the past few years we have seen changes in the role of the CISO across Europe.
CISOs are shifting from purely technical experts to strategic leaders, with boards expecting them to show value for security investment and translate technical risks into business risks.

European CISOs are also expected to make industry contributions, via sharing best practices, participating in public policy discussions, or speaking at conferences. CISO’s need to make sure they balance higher levels of external contributions with spending enough time focused on the job at hand, and with your own security team, a balance that not all get right.

Want to know our predictions for 2025? Forrester clients can read Forrester’s full predictions reports for Europe and cybersecurity, risk, and privacy.

Happy holidays!

Market Research

More Related Articles

Trends, Growth Drivers, and Innovations Trends, Growth Drivers, and Innovations Market Research
Global Vacuum Mixing Devices Market Overview to Reach USD 214.9 Million by 2034 at a 2.4% of CAGR – Market Research Blog Global Vacuum Mixing Devices Market Overview to Reach USD 214.9 Million by 2034 at a 2.4% of CAGR – Market Research Blog Market Research
How is Artificial Intelligence in Supply chain going to change the world in the upcoming year – Syndicate Market Research Blog How is Artificial Intelligence in Supply chain going to change the world in the upcoming year – Syndicate Market Research Blog Market Research
Analyze HDPE Prices, Trend, Historical and Forecast Data Analyze HDPE Prices, Trend, Historical and Forecast Data Market Research
Building a Qualitative Research Dream Team: How to Sharpen Your Researchers’ Skills for Maximum Impact Building a Qualitative Research Dream Team: How to Sharpen Your Researchers’ Skills for Maximum Impact Market Research
We Are In The Up Cycle For The Oil Tanker Market We Are In The Up Cycle For The Oil Tanker Market Market Research

Leave a Reply

Your email address will not be published. Required fields are marked *