That is why there is a need for a Europe-wide strategy to provide a comprehensive response to address the specific requirements of security in cyberspace, she said in Brussels.
Internet security is not a problem that is going to go away, but a safer internet can be achieved with an approach that is built on the single market, gives the right incentives to the private sector, invests in supply, and has an international outlook, said Kroes.
The strategy will "enable a step-change in how we ensure internet security. It will be embedded in our principles for internet governance," she said.
The Commission is due to present its plan for a "European strategy for internet security" in the third quarter of this year, which will ask EU member states to guarantee minimum capabilities to respond adequately to threats and share critical information in a secure and confidential manner.
Member states will be required to establish competent authorities to centralize information to enable the creation of a regional forum for collaboration with the private sector, support a European cyber incident contingency plan, and exchange best practices.
Kroes also wants to expand data breach notification obligations from the telecoms sector to other sectors that rely on critical information infrastructure, such as energy, water, finance and transport.
She pointed out that the recent World Economic Forum estimated that there is a one in 10 chance of a major breakdown of critical information infrastructure in the next decade.
"Prompt reporting means competent national authorities can react quickly to incidents and minimize their impact," she said.
Kroes also called for investment in innovation for security technologies, including through the EU budget. "We have called for proposals on how to fight botnets. But research alone isn't enough. We need to fill the gaps in the value chain, and seamlessly bring bright ideas to the market," she said.
This story was first published by Computer Weekly