Nearly 80% of InfoSec Leaders in Europe Foresee Critical Infrastructure Breaches Across Countries in Next Two Years

Research reveals biggest security worries and the impact of Europe's General Data Protection Regulation (GDPR) and the NIS Directive

Nov 14, 2017

SAN FRANCISCO, Nov. 14, 2017 /PRNewswire/ -- Europe's information security leaders are predicting widespread breaches in the next two years – and they don't feel prepared to handle, even with recent government initiatives.

Black Hat Europe 2017 will take place December 4-7 at the EXCEL London, in London, England.

In Black Hat's newest research report entitled, The Cyber Threat In Europe, findings are revealed from a September 2017 attendee survey of nearly 130 IT and security professionals from more than 15 European countries. The report details major concerns among the InfoSec community including critical infrastructure security, nation state attacks, enterprise security risks, and the implications of the NIS Directive and GDPR requirements.

Black Hat is the most technical and relevant information security event series, and its attendees are one of the most experienced and highly trained audiences in the world. Of those surveyed for the report, many hold high-level positions within sectors spanning financial services, biotechnology, construction, healthcare, communication, and government.

Who is a Threat to Europe's Critical Infrastructure?
Almost half of the respondents cite a foreign power—terrorist organization, rogue nation or large nation-state—as the primary threat to Europe's critical infrastructure. 42% also attribute the biggest threat to cyber espionage by major nation states like Russia and China and attacks by rogue nations such as North Korea pose the biggest threat. Most respondents are primarily worried about a multi-country breach rather than a critical infrastructure breach limited to their own country. These fears are heightened as a result of previous events, including the 2015 and 2016 Ukraine power grid attacks.

What Role are the NIS Directive and GDPR Requirements Playing?
Only 11% believe that implementing the NIS Directive – the first Europe-wide legislation on cybersecurity – will make Europe's critical infrastructure more secure. Meanwhile, nearly 40% believe that a lack of required skills is the primary reason why security strategies fail, and the shortage is only being exacerbated by GDPR requirements at many organizations. Another 34% believe that implementing GDPR will add to the IT workload and budget, but won't have a major impact otherwise.

Why Are Organizations at Risk?
A troubling 65% of the respondents believe that they will have to respond to a major security incident within their organization in the next 12 months. Driving this thought is a lack of budget and staffing. Nearly 60% of the respondents say they do not have enough of a security budget to mount an adequate defense, while 62% say they do not have enough security staff to defend against modern cyber threats. Additionally, 62% fear that enterprise data in Europe has become less secure because of recent activities in Russia and China. 42% believe that European law should be changed so enterprises can take offensive action against attackers, suggesting that professionals are frustrated over the ability of attackers to go unscathed while governments grapple over questions of attribution and proportional response.

Download the Full Research Report 
These findings are an urgent call to planners in government and industry to adequately fund cybersecurity initiatives and ensure that regulatory mandates and compliance efforts are properly aligned with security imperatives. For actionable insights and more information related to these critical industry trends and findings, download a copy of The Cyber Threat In Europe, here:

Black Hat Europe 2017: December 4–7, London, UK
Drawing from this compelling research, Black Hat will host some of the brightest minds in the InfoSec community at Black Hat Europe 2017. The event will feature a robust program, spanning everything from smart grid and critical infrastructure vulnerabilities to mobile attacks, applied security, machine learning, and more. The event will take place December 4-7 at the EXCEL London, in London, England. For more information and to save 200 on your briefings pass by December 1, please visit: 

Connect with Black Hat (#BlackHat)

Future Black Hat Dates and Events

  • Black Hat Asia 2018, Singapore, March 20-23
  • Black Hat USA 2018, Las Vegas, Nevada, August 4-9

About Black Hat
For 20 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia. More information is available at: Black Hat is organized by UBM plc. UBM is the largest pure-play B2B Events organizer in the world. Our 3,750+ people, based in more than 20 countries, serve more than 50 different sectors. Our deep knowledge and passion for these sectors allow us to create valuable experiences which enable our customers to succeed. Please visit for the latest news and information about UBM. 


SOURCE Black Hat

For further information: Kimberly Samra, Black Hat PR,