Europe is emerging as a global leader in national cybersecurity enforcement. The European Union (EU) and countries connected to the Council of Europe and the European Economic Area, including Norway and Switzerland, have been most successful in implementing binding legal instruments in the area of cybercrime and cybersecurity. With impending EU legislation in place to mandate the protection of critical infrastructure, Europe will spend $35 billion in cybersecurity in this space by 2021, forecasts ABI Research.

The new Network and Information Security (NIS) Directive demands that critical infrastructure operators—including agriculture, energy, transport, pharmaceuticals, and even water and waste management—address cybersecurity, and will push them toward allocating budget to protect their infrastructure. Non-compliers will face significant financial repercussions.

“Europe remains a lucrative target, as it is a prosperous and highly-connected region,” says Michela Menting, Research Director at ABI Research. “The new directive will force operators to tackle cybersecurity issues in operational technologies, and notably in industrial settings, which is a huge step for many organizations.”

The UK is currently the top spender for cybersecurity, but the most cyber-prepared country is Norway. For all European players, forthcoming issues will revolve around cost and the complexity of implementation. The IT sector is already experiencing a shortage of cybersecurity professionals. For industrial settings, the gap between OT and IT skill sets is ominous, and a worrisome state of affairs.

Operators will likely have to lean heavily on outside security firms to help them follow proper implementation and execution. While ABI Research predicts that this will boost the OT security space, including cyber insurance and cyber auditing markets in the years ahead, it will also likely mean that it takes a few years for operators to get this right.

Despite the headaches businesses may initially face, though, the necessity of action and benefits to these policies are real. With the increased connectivity of critical infrastructures and the continued expansion of cyber threats, inaction could have dire consequences.

“Cyber terrorist attacks are an immediate threat,” concludes Menting. “And those terrorist organizations and cyber militants are going to target hospitals, power plants, public transport, water facilities, and beyond. These policies may seem revolutionary, but they are crucial to protect citizens.”