Cybersecurity: Raising awareness and building capacity. In Europe and beyond.

As the first fully-fledged “cybersecurity awareness month” draws to a close, it is important that we keep the dialogue and actions to improve cybersecurity going. The response to the European Commission initiative has been overwhelmingly positive, with governments, local authorities, advocacy groups and industry representatives staging events, competitions, social media campaigns, and even driving advertising on the topic – all in the name of ensuring that European citizens learn about online threats and what they can do to protect themselves.

As we continue to create awareness and strengthen cybersecurity skills of European citizens and businesses, improving trust in the security of public and private services online remains central to the long-term potential for economic growth and development that can be unleashed through the cyber ecosystem. We at Microsoft therefore welcome the policy and strategy initiatives that we have seen emerge in this space over the past year. The EU Draft Directive on Network and Information Security (NIS) and the accompanying EU Cybersecurity Strategy are two leading examples of European policymakers taking important steps to protect the critical infrastructure that powers their economies.

Microsoft fully supports the objective of fostering a secure and trustworthy digital environment in the EU and we have been an active participant in discussions on ways to achieve that objective. To ensure that the proposed NIS Directive fulfils its stated goals, a test of proportionality should be applied so that new security requirements and incident notification regimes are only be placed on organizations that deliver core services essential to maintaining national economic security, national public health or safety or any combination of those matters. An overly broad approach would jeopardize an otherwise well-intentioned policy objective. We also welcome the focus the European Parliament has placed on ensuring that the requirements introduced are coordinated with other existing legislation, such as the Data Protection Regulation and the ePrivacy Directive. This will be essential in ensuring that smaller operators especially, do not get overwhelmed by new requirements.

The European Commission effort is by no means isolated. Over 40 countries across the world currently have national cybersecurity strategies in place, including over 15 in Europe. The German government has been working on a legislative initiative that would further define the requirements and provisions in this space at the national level.

Others, such as the UK government and the European External Action Service (EEAS) are focusing on the all-important aspect of cybersecurity capacity building across the world, and particular in countries that do not necessarily have the same amount of resources at their disposal. Building cybersecurity capacity has many facets, including technology adoption, awareness raising, policy and strategy development, etc. and this is a topic we at Microsoft care a great deal about:

  • Partnering with Oxford Analytica we are launching a new report on the “Hierarchy of Needs of Internet Users” at an event we are organizing in London on October 31. The approach we developed through the interpretation of the Maslow Hierarchy of Needs seeks to guide governments in their national cybersecurity efforts by looking at the different stages of access, resilience, connectivity, trust and culminating in a discussion of the Internet’s ‘optimum state’. For more information please email;

  • We recently keynoted a panel on Cybersecurity Capacity Building during the much-noted Seoul Conference on Cyberspace (October 16-18) – see our blog on the event for details; and

  • We are excited to contribute to new EEAS effort on cybersecurity capacity building – stay tuned for more to come in this space.

As we continue to raise awareness about threats in cyberspace strengthening our cybersecurity capacity should be top of mind in Europe and beyond – and not just in October!

Jan Neutze
Director of Cybersecurity Policy, Microsoft EMEA

Jan Neutze is Director of Cybersecurity Policy responsible for cybersecurity policy matters in Europe, Middle East, and Africa. Before taking on Microsoft's EMEA security portfolio, Jan worked in Microsoft's Trustworthy Computing group at Microsoft Corp. in Redmond. In this role, he led engagement with governments and industry partners at an EU-level and in Germany, and developed corporate strategies on emerging cybersecurity policies, risk management, critical infrastructure protection, cybersecurity norms, and internet governance. Jan Neutze joined Microsoft from the United Nations Headquarters, where he served for three years in the policy planning staff of the UN Secretary-General and the Department of Political Affairs, leading a range of cybersecurity and counterterrorism projects. Prior to this, Jan served as program officer for foreign policy at the German Marshall Fund of the United States and as assistant director of the Program on Transatlantic Relations at the Atlantic Council of the United States. Jan Neutze holds a law degree from the Westphalian Wilhelms-University in Munster, Germany and an M.A. in security studies from Georgetown University's School of Foreign Service.