Less Talk, More Security: Cyber Lessons Learned from Munich
Less Talk, More Security: Cyber Lessons Learned from Munich
https://cepa.org/article/less-talk-more-security-cyber-lessons-learned-from-munich/
Publish Date: 2026-03-18 15:08:00
Source Domain: cepa.org
Awareness of cyber threats has risen dramatically in recent years. Policymakers, industry leaders, and security practitioners now broadly acknowledge that cybersecurity is a core component of national and economic security. That recognition is an important first step — but awareness alone does not automatically translate into meaningful action.
In many cases, growing urgency has produced a cascade of regulations, reporting requirements, and compliance frameworks without clear measures of success. Too often, bureaucratic processes create the illusion that compliance equals security. Real cybersecurity, however, requires actionable steps, operational capability, and measurable outcomes that demonstrably reduce risk.
In February 2026, on the sidelines of the Munich Security Conference and the Munich Cyber Security Conference, Trusted Future and the Center for European Policy Analysis (CEPA) co-hosted a private discussion exploring how to move toward a results-oriented cybersecurity model. The discussion was co-chaired by Admiral Michael Rogers (ret.), former Director of the National Security Agency and Commander of US CyberCommand, and Ieva Ilves, Cyber Policy Advisor to the Government of Ukraine.
Held under the Chatham House Rule, the roundtable brought together cybersecurity experts, policymakers, and practitioners from more than thirteen countries, primarily across Europe.
Avoiding the “Compliance Trap”
A central theme of the discussion was the need to avoid what participants described as the “compliance trap.”
European cybersecurity policy — particularly the implementation of the Network and Information Security 2 (NIS2) directive — illustrates a growing paradox. While median organizational information security spending in Europe has reportedly doubled (from approximately €0.7 million to €1.4 million), cyber incidents across the EU increased year-over-year according to…
