Moreover, as a borderless communication instrument, digital information systems, inparticular the internet, are interconnected across Member States and play an essential role infacilitating the cross-border movement of goods, services and people. Substantial disruptionof these systems in one Member State can affect other Member States and the EU as a whole.The resilience and stability of network and information systems is therefore essential to thecompletion of the Digital Single Market and the smooth functioning of the Internal Market.The likelihood and frequency of incidents and the inability to ensure efficient protection alsoundermine public trust and confidence in network and information services: for example, the2012 Eurobarometer on Cybersecurity found that 38
% of EU internet users are concernedabout the safety of online payments and have changed their behaviour because of concernswith security issues: 18
% are less likely to buy goods online and 15
% are less likely to useonline banking
.The current situation in the EU, reflecting the purely voluntary approach followed so far, doesnot provide sufficient protection against NIS incidents and risks across the EU. Existing NIScapabilities and mechanisms are simply insufficient to keep pace with the fast-changinglandscape of threats and to ensure a common high level of protection in all the MemberStates.Despite the initiatives undertaken, the Member States have very different levels of capabilitiesand preparedness, leading to fragmented approaches across the EU. Given the fact thatnetworks and systems are interconnected, the overall NIS of the EU is weakened by thoseMember States with an insufficient level of protection. This situation also hinders the creationof trust among peers, which is a prerequisite for cooperation and information sharing. As aresult, there is cooperation only among a minority of Member States with a high level of capabilities.Therefore, there is currently no effective mechanism at EU level for effective cooperation andcollaboration and for trusted information sharing on NIS incidents and risks among theMember States.
This may result in uncoordinated regulatory interventions, incoherentstrategies and divergent standards, leading to insufficient protection against NIS across theEU. Internal Market barriers may also arise, generating compliance costs for companiesoperating in more than one Member State.