The Digital Battlefield

In today’s world, war isn’t just fought with tanks and planes. A huge battleground exists in the digital realm, where countries and criminals try to steal secrets, disrupt services, and wreak havoc. Protecting our data and systems is a crucial task, and that’s where the European Union Agency for Cybersecurity (ENISA) comes in. But, is ENISA getting the resources and authority it needs to truly make a difference?

A Question of Resources

A recent written question (E-004413/2025) posed to the European Commission by Dimitris Tsiodras highlights a critical point: ENISA’s funding and mandate. Is the EU truly committed to strengthening this vital agency, or is it just paying lip service to cybersecurity? ENISA plays a pivotal role in helping member states improve their cyber defenses and respond to threats. However, a strong mandate without proper funding is like giving a soldier a plastic sword – it looks good but isn’t very effective.

More Than Just a Watchdog

ENISA’s responsibilities are broad. It advises the EU and member states on cybersecurity policies, helps coordinate responses to cyber incidents, and promotes research and development in the field. It’s not just a watchdog; it’s meant to be a proactive force in shaping a more secure digital landscape for Europe. The agency also has to deal with ever-evolving threats like ransomware, phishing, and attacks on critical infrastructure. So, do they have enough power to make binding rulings, or are they only able to suggest best practices? The difference is significant.

The Mandate Matters

Think about it: a stronger mandate could allow ENISA to set cybersecurity standards for essential services, such as energy, transportation, and healthcare. This would create a baseline level of security across the EU, making it harder for attackers to exploit vulnerabilities in one member state to gain access to others. Furthermore, it could empower ENISA to conduct audits and assessments of national cybersecurity agencies, ensuring that they are meeting their obligations and addressing emerging threats. But with a weak mandate, enforcement becomes difficult, and the effectiveness of the agency diminishes.

Money Talks: Following the Funding

Funding is the other crucial piece of the puzzle. Without sufficient financial resources, ENISA will struggle to attract and retain top talent, invest in cutting-edge technologies, and carry out its essential functions. A larger budget would allow ENISA to expand its research and development efforts, helping to develop innovative cybersecurity solutions that can be deployed across the EU. It would also enable the agency to provide more training and support to member states, helping them to build their own cybersecurity capabilities. We need to analyze where their money is coming from. Private companies? EU member states? And where does the money go? To make sure it is really improving security and not just vanishing into bureaucracy.

Europe’s Cybersecurity Future: A Moment of Truth

The question of ENISA’s future isn’t just about one agency; it’s about Europe’s commitment to cybersecurity as a whole. In an increasingly interconnected and digital world, cybersecurity is not a luxury; it’s a necessity. A strong and well-funded ENISA is essential for protecting Europe’s citizens, businesses, and critical infrastructure from the growing threat of cyberattacks. If Europe is serious about being a leader in the digital age, it needs to put its money where its mouth is and give ENISA the resources and authority it needs to succeed.

Beyond Funding: A Need for Collaboration

But strengthening ENISA isn’t just about money and power. It’s also about fostering greater collaboration and information sharing among member states. Cybersecurity threats often cross borders, and a coordinated response is essential. ENISA can play a vital role in facilitating this collaboration, by providing a platform for member states to share information about threats and vulnerabilities, and by helping to coordinate responses to major cyber incidents. The EU needs to break down the silos between national cybersecurity agencies and encourage them to work together more effectively.

Public Awareness and Education

Finally, it’s important to remember that cybersecurity is not just a technical issue; it’s also a human one. Many cyberattacks succeed because of human error, such as clicking on a phishing link or using a weak password. ENISA can play a role in raising public awareness about cybersecurity risks and educating citizens about how to protect themselves online. This could involve developing educational materials, running public awareness campaigns, and providing training to businesses and organizations. A more cyber-aware population is a more resilient population.

Conclusion: Time for Action

The written question regarding ENISA’s funding and mandate serves as a wake-up call. Europe faces a critical choice: either invest in a robust cybersecurity future or remain vulnerable to the ever-growing threat of cyberattacks. Strengthening ENISA is not just a matter of policy; it’s a matter of national security and economic prosperity. The time for debate is over; it’s time for action. The EU must provide ENISA with the resources, authority, and support it needs to protect Europe’s digital future.