Speech Neelie Kroes High Level meeting Cyber Security 12/5/16

May 19th 2016 | by:


Ladies and gentlemen,


Recently I met Tim Berners Lee on the Board of the Open Data Institute in London. Tim is one of the founders of the World Wide Web in 1989.

He told me that – together with the Internet – he could never have imagined the enormous impact these two inventions are having on the global economy and society. All in less than three decades.

Nowadays we can organize our travel and order our meals via our mobile phones. We can make payments across the globe. We can Skype with our friends and family.

Via our mobiles we can be located constantly, in order to provide us the best services from Google Maps. In real time we can find out what the latest political news is in Turkey, Brussels or Washington. And what the public thinks of this via Twitter.  Your I-phone is so popular, that even the FBI in some cases, would like to get into it.

These are just examples from everyday life. Examples from what we hold in the palm of our hand.

It has all become so normal, that we forget how deeply integrated digitization is in our economy and society. We tend to forget how critical it has become.

Digitization is now in the veins of all our economic sectors. It has become the heartbeat of innovation. It functions as the handshake of all our personal and business contacts. The Internet has become the backbone of our lives; of our industry and start-ups; science and the open society.

And we tend to trust it. Our confidence in the integrity and security of our digital infrastructures and devices is the essence of its success. This trust not only keeps the end user happy. It also gives millions of people a job; generates billions of investments per year; it keeps shareholder value in tact, and – I dare say - even keeps political power in tact.

This is becoming even more important, because we are standing on the doorstep of completely new developments in digitization.

At the same time, cyber threats are becoming more sophisticated, more frequent and more severe every day.

Why is this so serious?


For instance: A clever hacker in Asia can make financial transactions of millions of people in Europe impossible.

Consequently this can cause widespread disruption of business. Furthermore it can undermine trust in digital solutions and hamper the economy. Hampering the economy will cause social unrest in society, with forthcoming political consequences.

We can also project these cases on energy supply or air traffic with 10.000 airplanes flying across the globe.

My point is: Because of the systemic nature of digitization, the impact of cybercrime, -terrorism, -espionage (and all other sorts of threats) will be exponentially bigger.  And we need to prevent these domino effects from happening.

Cyber threats are not just an IT-issue. It is a socio-economic and political matter of the highest level. Cyber threats are not just a business problem, or a national problem. Cyber threats go global and affect us all.

As I just mentioned: There is a whole new future lying ahead of us. It will be a future, which will be guided by two things: multiple connectivity and big data. In other words: we will live and work under the new digital umbrella of being ‘smart’.

The Internet of Things will connect physical objects, like cars, buildings or household devices. Smart grids, smart homes, smart cities, smart care will make our lives more efficient and of higher quality.

Driverless cars will replace ‘careless drivers’. And much more than that. It will transform our whole automotive industry.

The energy sector will undergo a profound transformation, which involves new roles for suppliers, users, distributers and owners. Former users can become the new suppliers. Nothing is fixed anymore.

The future impact will dig even deeper into existing economic models. The secure environment of the Blockchain and other FinTech developments could make banks obsolete.

Talking about Data. Our future economy will be data driven. Data is the new oil. Founders of disruptive data-based startups are the new Sheiks. They will pay fortunes to get the best software engineers, who will create even more innovative products with these data.

You can use Facebook, Google and Twitter for free, if you give them all your data. All these companies are now transforming their business models. Google is entering healthcare and mobility.

And no one can tell you anymore, who actually will own the data you once provided. Nor where they will be stored exactly. Data privacy and data security will become interwoven policy matters.

From a commercial perspective, we are entering the new Gold rush. Commissioner Oettinger calculated that digitization of products and services can add more than 110 billion Euros of annual revenue in Europe in the next five years. That is not what we call pocket money.

However, if we hold that against the costs of cyber crime for companies on a global scale, it is peanuts. The British Insurance company Lloyds estimated the total costs in 2015 on 400 billion dollars.

For the Netherlands alone, the costs are estimated on 10 billion euro’s a year. With similar figures for Germany and the UK.

I could go on and on. Why do I mention all these developments?

Because cyber security has to be seen in the context of al these rapid systemic changes.

Cyber security, just like legislation, needs to become pro-active. It needs to keep up with developments. Not chase them and hold them back.

Cyber security, just like legislation, should run parallel to digital innovation. Not as something separate and as something reactive.

Not as just a patch, when vulnerability shows up. Not as just response, to seek out the trouble caused by neglecting digital systems or the ignorance of the users. 

Cyber security should safeguard permanent resilience within our digital infrastructure and digital value chain. Because of its strategic importance, both the public and the private sector have an equally important role to play here.


Ladies and gentlemen,


In my opinion, policy and legislation have not yet caught up with the rapidly progressing reality of Internet and digitization. Let alone, that they have caught up with the importance of cyber security.

Being Dutch and in the past as a Minister responsible for the Delta works to protect us from consequences caused by living under the Sea level, I can tell you this. We don’t need a natural disaster and a human catastrophe to act, when the evidence already surrounds you.  It is not a matter of ‘if’, but of ‘when’ it will happen.

So, what should we do?

1. First of all: Stop being naive

Greater Internet connectivity will mean greater Internet dependency. And this means greater societal and economical – and even geo-political -vulnerability.  The more dependent you become, the more vulnerable you are.

We need to acknowledge this situation. Not only as politicians, as CEO’s, or policy makers. But also as scientists, as well as citizens.

Maintaining trust in the Digital Economy is not only key, it is part of our competitive advantage. If Europe is known as a secure digital place to do business, we will attract investors, talent and companies.

This costs a lot of money, no doubt! But it will be peanuts compared to the money and the human costs you have to pay in the case of incidents or disasters.

Therefor we have to continuously invest. We should develop our (Delta-) plan for raising awareness, organizing prevention and being resilient against the rising levels of cybercrime and other forms of cyber threats.


2. Secondly: Reinforce European cooperation

The Internet does not acknowledge borders. The Digital Single Market aims to get rid of them.

The NIS legislation looks great on paper, but will only become meaningful if Member States intensify cooperation rapidly; if they increase public-private investment in cyber security dramatically and see information exchange as a pivotal way to become resilient against attacks.

This should be a priority and I plea to you all of you to contribute to this. Cyber security only is effective when you organize it cross border.


3. Thirdly: invest strongly in innovation and research cooperation.

Last autumn I visited the Israeli Cyber Security Institute Beersheba in the Negev desert. Top notch, top quality, top talent.

Much to my surprise, large European corporates like telecom and airline companies where amongst their main clients. 

I wondered: why don’t we combine our best scientists; our biggest investors; our corporate innovative capacity; our disruptive startups and the knowledge of our intelligence services? Apparently Deutsche Telekom prefers to do business with the Israeli’s, where our Horizon 2020 program does not offer satisfying solutions.

Or to punch even harder: When will ENISA be able to play a decisive role in the European cyber security landscape?


4. Fourthly: innovate public-private cooperation

The increasing connectivity also requires new public-private cooperation models across the whole value chain of digital infrastructures, devices, investors, products, legislation and users.

Or perhaps we should not think so much in ‘value chains’, but more of integrated platforms with trusted partners, where we test and apply the latest innovations. Where we involve public procurement and legislation at an early stage. Where we make sure American and Asian investors don’t buy our best cyber startups.


5. And last, but not least: Take responsibility

If one organization plays the key role, we all lean backward. Therefor, I would not recommend one Minister for IT or digitization, as is often called for in the Dutch press.

I would recommend an integrated digital agenda within every Ministry, which acknowledges and stimulates the potential for its field. Which develops future oriented regulation and identifies risks, cyber threats and cyber responses together with the main stakeholders. Of course there is always a role for better coordination, but coordination can never take the responsibility of the main stakeholders.


Ladies and gentlemen,

The future of our digital society and economy goes hand in hand with the level of trust and the level of cyber security. They are inseparable.

Digital innovation and digital security should be core business to every department; every economic sector, every industry and every citizen.

You are the ones who can make the difference today.  You hold the position, the expertise and the key to the networks.

I challenge you to take this responsibility. You can bring this strategic topic of cyber security to the broadest and highest operational level.

Our shared goal should not just be an Internet of Things. If we want to make it smart, it should be a Secure Internet for Everyone and Everything.



Download document: