One of the reasons is a »significant shortage of cybersecurity professionals across the EU,« Olesen explains. In addition, alert fatigue is a real problem. According to a Mandiant report from 2023, 69 percent of respondents said they believe their IT employees »feel overwhelmed« by incoming alerts and data. Another challenge is the fact that European cybersecurity efforts lack funding. »We need to find better funding mechanisms for these entities in Europe,« says Olesen. When, in early 2022, cyberattacks hit oil terminals in Germany, the Netherlands and Belgium, they caused huge disruption and impacted the flow of oil products such as diesel, gasoline and heating oil in the region. The incident shows how hacking attacks targeting sensitive supply chains can cause harm across the economy. »Europe is betting on a fully digital economy where predictive maintenance, real-time logistics and AI-driven services create more efficiencies in every sector, from vineyards to steel mills. That convergence multiplies productivity, but it also fuses once-separate risk pools into a single fault line: a flaw in an IoT gateway or shared API can ripple across industries in minutes,« Smeets says. Olesen adds that protecting businesses’ intellectual property or critical infrastructure is essential for maintaining Europe’s competitiveness.
AI can help enhance cybersecurity defences
Artificial intelligence is a driver of change in this ever-evolving cat-and-mouse game between attackers and defenders. On the one hand, deep-fakes and voice mimicry have increased the effectiveness of personalised social-engineering attacks, and AI tools help attackers to find vulnerabilities or understand stolen files. On the other hand, artificial intelligence can help enhance cybersecurity defences by automating repetitive tasks and identifying vulnerabilities, leading to faster detection and reaction. For example, Google Cloud’s VirusTotal uses AI to determine whether unknown files are malicious. Google Cloud’s Anti-Money Laundering product uses machine learning to identify suspicious financial activities. And AI-powered Enhanced Safe Browsing sends millions of warnings to users who want to access malicious websites. AI has so much potential that in future it could even reverse what’s known as the »Defender‘s Dilemma«: while attackers just need one new technology to break through defences, defenders need to deploy a variety of defences at all times, without any margin for error.
In 2023, Google published the Secure AI Framework (SAIF) in order to start a development that leads to AI models being secure-by-default when implemented. A year later, Google and other industry leaders formed the Coalition for Secure AI, creating an open ecosystem of AI and security experts dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development. These types of collaborations are essential to spread best practices across public and private sectors and help to unlock AI’s potential for giving the defender a decisive advantage over attackers.