at a time when the average cost of a cyber attack is estimated to be $1 million (some recent cyber incidents in aviation cost much more e. g. The €204 million fine imposed on British Airways by the UK Information Commissioner, ASCOS being shut down for 3 weeks), the goal of "just" complying with new cyber security regulations, whether aviation
related, such as CE 373/2017, or not, such as GDPR or the national implementation of CE 1148/2016 (the so-called NIS Directive), is now overtaken by events!

the entire document can be studied here !

Source: EUROCONTROL