The Capgemini eGovernment Benchmark report indicates that less than 1% of all public service pages for citizens in the EU meet all 13 security criteria. The only country whose websites meet all requirements is the Netherlands.
Filip Brzóska, Chief Information Security Officer at Capgemini Poland, comments:
Protection against cybersecurity threats is one of the main priorities of EU policy, essential to maintaining resilient digital supply chains and infrastructure. This translates into, among other things, the creation of legal regulations that directly address cybersecurity, such as NIS2 or DORA, or laws with wider application such as the AI Act.
Capgemini’s research has shown that in security tests, 50% of websites with public services for citizens obtained a positive result. It is concerning that, of all the evaluated government portals in the 27 EU countries, less than 1% received a positive score for all 13 security criteria. Only 3% of websites prevent a wide range of cross-site scripting and clickjacking attacks (content security policy), and only 10% provide a secure HTTPS connection, which prevents third parties from reading or altering content sent between the user and the website.
Fortunately, almost all websites prevent reading site content and accessing users’ private information by foreign pages (cross-origin resource sharing at 95%) and encrypt data transmitted between the user’s browser and the website (94%).
Capgemini’s assessment is based on two publicly available tools: Internet.nl and Mozilla Observatory. These tools are used to perform a basic test that provides preliminary guidance on website security. It should be noted that these tests only provide a directional understanding of security, not a full, comprehensive assessment of cybersecurity.
Positive results do not guarantee a completely secure site, just as negative results do not necessarily mean that a site is dangerous. It may happen, for example, that undetected alternative cybersecurity solutions exist on a given page.
The study results should be treated as a warning signal, but they are definitely not a call for panic. Taking care of cybersecurity is continuous work, in which cunning and innovation are necessary. After all, cybercriminals are also constantly pondering what new methods they can adopt. Of course, there is work to be done in the EU, and all countries, apart from the Netherlands, which passed the test with flying colors, should urgently improve the cybersecurity of their public services. Of course, even the best-rated countries should not rest on their laurels. Constant development and vigilance are required to ensure citizens’ cybersecurity.
Source: https://managerplus.pl/uslugi-publiczne-online-w-ue-wymagaja-poprawy-bezpieczenstwa-59963