Optimising Cybersecurity Investments for the European Security Initiative

With cybersecurity emerging as a critical element for digital economies, this project aimed to refine the EIB's approach to cybersecurity-related investments in alignment with the European Security Initiative (ESI). The project focused on reviewing existing sectoral guidelines, developing a systematic methodology to assess and measure cybersecurity investments, and validating these approaches with project promoters. The outcomes ensured cybersecurity remained a precondition for investments with digital components, fostering resilience in critical infrastructures and IT systems across sectors.

Implementation

The project began with a review of the EIB’s guidelines, an assessment of cybersecurity investment gaps, and the development of a detailed work plan. In the Implementation Phase, the NTU team assessed the internal guidelines’ alignment with EU cybersecurity policies, such as the NIS Directive and Cybersecurity Act. Based on these insights, a robust methodology for identifying and quantifying cybersecurity investments was developed. This methodology was applied in practice during engagements with project promoters on selected EIB-financed projects.

The estimates were compared with reported cybersecurity spending where available to validate the methodology and refine its application. Discussions with project promoters provided valuable insights into observed gaps, sector-specific challenges, and opportunities for improving cyber resilience. The project concluded with actionable recommendations tailored to enhance cybersecurity investments across sectors.

Impact

  • Standardising cybersecurity quantification by developing a robust methodology to estimate cybersecurity investments. The methodology incorporated sector-specific risks, IT budgets, and cyber-threat exposure, and can be consistently applied across various sectors and projects.

  • Validating practical methodologies by testing and refining the Identification of Cybersecurity Related Investment (ICRI) tool on real projects. 

  • Promoting data-driven decision making by leveraging credible data sources to inform investment strategies, overcoming challenges related to limited and sensitive data. 

  • Mitigating cyber risks by enhancing EIB’s ability to allocate resources efficiently. It supported projects that improve cyber resilience in critical sectors – transport, health, and communications.