What is ECSO? 

CYBERSECURITY MADE IN EUROPE label

• ECSO has recently created the CYBERSECURITY MADE IN EUROPE label, an industry-driven marketing tool aimed at supporting the role of European cybersecurity companies and increasing their visibility in the European and global markets.

This label has been developed due to the real need for a tool that meet their needs, together with a related gap in the European cybersecurity market. Its benefits from the outset are clear, as the label serves as a market differentiator by emphasising geographical location and makes the difference in the strategic value of the European cybersecurity companies. Therefore, the tool is not useful for increasing the visibility of the companies, not only to potential business partners but also to final users or the different investors in the cybersecurity sector.

In the global cybersecurity market, in which world powers such Russia, EEUU or China are beginning to play a leading role, Europe had to take a step forward and defend it position against the rest. Even more if we consider that the European market is clearly growing and is currently one of the five most important in the world. Moreover, its business and industrial network in cybersecurity is gradually gaining weight and, therefore, having a tool such as CYBERSECURITY MADE IN EUROPE was a pressing need to enhance the value of companies and organisations in the EU environment.

How to obtain the label?

The label can only be issued by ECSO and authorised partners. Companies or organisations that wish to apply for the label can choose any of the authorised partners, regardless of the country of origin of their headquarters, but always within the European Union.

The benefits of having it have already been discussed above, but it serves as a geographic market differentiator, gives strategic value to the company or organisation by giving importance to its European origin and increases its visibility to its potential cybersecurity market. The importance of belonging to the European sector is a guarantee of quality vis-à-vis other global companies and puts European cyber security in its rightful place.

The label itself is based on a self-declaration by the company as a certification tool, without an external technical audit. Furthermore, CYBERSECURITY MADE IN EUROPE is oriented towards European-based companies in the sector themselves, not towards specific cybersecurity products or services. Another advantage is that it is a quality add-on to other similar existing national labels.

All companies applying for the label have to meet a number of general requirements such as the company must be a legal entity based in Europe AND, if it is part of a group, the headquarters of the group must be registered in Europe. In addition, it must provide reasonable assurance that it is not controlled from outside the European area and have Europe as its principal place of business, demonstrating that more than 50% of its R&D activity is oriented towards cybersecurity and that more than 50% of its staff is in the EU, EFTA, EEA and UK countries.

Latest updates on ECSO

The European Cybersecurity Organization (ECSO), [16] comprised of over 300 members, has welcomed the publication of the NIS2 Implementation Act and provided feedback based on input from ECSO member organizations. Crucial points of their feedback:

• Excessive and non-proportional costs for implementing cybersecurity requirements. Cybersecurity controls should be risk-based, tailored to address the specific threats and vulnerabilities faced by individual entities, while avoiding unnecessary excessive and disproportionate costs.
• Ambiguous security requirements, whose implementation may not be streamlined.
• Highly extensive list of criteria for defining significant incidents might lead to over-reporting of incidents, causing additional financial and administrative burden on the affected entities.