WG3: Sectoral Demand and Users Committee WG3: Sectoral Demand and Users Committee (Industry 4.0 & ICS, Energy, Transport, Finance, Public Services & eGov, Healthcare, Smart Cities, Telecom, Media & Content)

Engage directly with users (operators, companies, governments) to understand cyber threats, share information among trusted peers, link supply and demand, and act as a transversal WG that defines needs of the sectors for standardisation / certification; education, training and exercises; research / technologies; local / regional initiatives.

  • 4/2021, USERS COMMITTEE - Survey Analysis Report - CISO's Challenges and Priorities (download file)
  • 11/2020, USER COMMITTEE - Position Paper on the NIS Directive Review (download file)
  • 11/2020, USER COMMITTEE - GREEN PAPER- Challenges for CISO’s & Threat Intelligence Sharing (download file)
  • 3/2020, WG3 MEMBERS - Transportation sector report: Cybersecurity for road, rail, air and sea (download file)
  • 12/2018, WG3 MEMBERS - Position Paper - European Sector - Specific ISACs (download file)
  • 11/2018, WG3 MEMBERS - Energy networks and smart grids: Cybersecurity for the energy sector (download file)
  • 3/2018, WG3 MEMBERS - Smart cities and smart buildings sector report: Cybersecurity for the smart cities sector (download file)
  • 3/2018, WG3 MEMBERS - Healthcare sector report: Cybersecurity for the healthcare sector (download file)
  • 3/2018, WG3 MEMBERS - Industry 4.0 and ICS sector report (download file)
  • 3/2018, WG3 MEMBERS - Financial Services, ePayments And Insurance Sector Report: Cyber Security for the Finance and Insurance Sector (download file)


This document provides a thorough understanding of the Challenges and Priorities faced by Chief Information Security Officers (CISOs) or equivalent of companies operating in sectors such as energy, transport, finance, health, food, utilities, public sector, telecommunications, and manufacturing, among others.

The findings of this report are based on an EU-wide survey successfully run by ECSO from November 2020 to January 2021 addressed to CISOs or equivalent, from all over Europe and from a wide range of sectors.
With more than 100 CISO contributions, this document explores a wide panel of priorities and challenges for CISOs, both inside their organisations (three focus points: Certification, Code of Conduct, Board of Directors) and outside (two focus points: Information Sharing, Procurement).

The report proposes both a deep dive sector by sector analysis and a set of cross-sector recommendations on:

  • Staffing
  • Company culture
  • Strategic Information Sharing between CISOs
  • Budget and investments
  • CISOs Roles and Responsibilities

ECSO to launch a European CISO Community

As a result of this analysis, ECSO announces its intention to create the CISOs European Community (CEC) in the 2nd half of 2021. The CEC will establish a network of cross-sector and cross-border CISOs and facilitate information/strategic intelligence sharing among CISOs supported by a dedicated secure platform initiated by a special collaboration between Intesa Sanpaolo bank and Electricité de France (EDF).

All documents:

Survey Analysis Report: CISO's Challenges and Priorities - April 2021
Sector brochures: Energy, Finance, Health, Transport
Cross-sector recommendations

ECSO wants to engage directly with users (operators, companies, governments) to establish a true cybersecurity ecosystem, linking supply and demand. Through a dedicated Working Group on 'Sectoral demand', ECSO brings together cybersecurity stakeholders from various sectors in order to:

  • Provide recommendations on policy, technology, and strategy capacity /capability for sectors upon request of the European Institutions or other WGs. (Recommendations on the review of the NIS Directive; Input to WG1 on the definition of certification schemes, WG6 on R&I priorities; Establish collaboration with ISACs, ENISA and sectoral associations)
  • Mapping Sectoral needs and requirements (Sectoral Reports on needs and requirements; ECSO COVID-19 cybersecurity package)
  • Users Committee (Establishing trusted environment for information sharing and strategic threat intelligence among CISOs and peers from different sectors)


In September 2018, ECSO created its Users Committee (UC), a European transversal (cross-border and cross-sector) committee where Users and Operators of Essential Ser-vices (OES) can share sensitive information and strategic intelligence on cyber threats in a confidential and trusted way. The UC itself is autonomously attached to ECSO’s Working Group 3 “Sectoral demand” that represents Suppliers, Users and OES from different sectors – industry 4.0 / manufacturing, energy, transportation, finance, public services/e-government, healthcare, smart cities, and telecom/media/content.

The UC members are restricted to a network of European Chief Information Security Officers (CISOs) (or equivalent, i.e. C-level experts working close to CISOs or in cybersecurity responsibility positions) who provide strategic suggestions from a private sector and strategic operational perspective in order to tackle current and future challenges and needs for the cybersecurity solutions providers (CSSP) and more widely the cybersecurity market.

The UC has a quadruple approach to its portfolio of activities:

  • A network of European CISOs (or equivalent) across sectors and across borders
  • An open forum of exchange and discussions for lessons learned and best practices be-tween Users/OES
  • A trusted and confidential environment for strategic intelligence sharing among peers
  • Understanding of the needs, requirements, and challenges of a CISO and conveying these messages to the right actors


  • Provide Users/Operators with a space to discuss operational and security related issues in trust and confidence (understand the risks and threats by sharing non public and restricted information).
  • Share best practices, lessons learned and strategic intelligence between C level executives
  • Raise awareness among Users/Operators in general with regards to the dangers of cyber and their vulnerabilities
  • Support ECSO WG3 “Sectoral Demand” and provide recommendations for specific cybersecurity needs.

 The Working Group Chairs are

  • Charlotte Graire - AIRBUS
  • Gabriele Rizzo - Leonardo Company

The working group is segmented into the following sub-working groups:

SWG3.1: Industry 4.0 and ICS 

SWG3.2: Energy (oil, gas, electricity), and smart grids*

SWG3.3: Transportation (road, rail, air; sea, space)*

SWG3.4: Financial Services, e-payments and insurance*

SWG3.5: Public services, e-government, digital citizenship

SWG3.6: Healthcare*

SWG3.7: Smart cities and smart buildings (convergence of digital services for citizens) and other utilities

SWG3.8: Telecom, media and content 

*Priority sectors