As we said yesterday, cyber security can cost you. And now, with EU-wide cyber security rules coming into play by 2017, your business will be governed by more stringent demands than ever – and you could pay the price if you aren’t up to speed. But, as always, following good security practice is important anyway…
At the moment there’s no strategic, coherent approach to breaches affecting companies within the EU, but as more businesses – and more rule-makers – realise that attacks are inevitable, MEPs and ministers from the 28 countries have agreed that rules need to be put into place.
Typically, businesses might try to keep information on the down low if they’re breached – understandably, it’s a bit embarrassing, and no business wants to let the world know it’s been hacked. But stopping the flow of information can actually be more harmful in the long run, as other companies can’t learn from your mistakes, and you can’t learn from theirs. At the end of the day, the more systems that are infiltrated, the stronger attackers get and the worse it is for business. Enter the new Information and Security directive.
The aim of the new rules is to tackle this ‘every country is an island’ approach by laying out some coherent guidelines for all member states in the wake of high-profile cyber-attacks, and fears that key infrastructure (like airports or power stations) could be next.
The rules would mean that, for the first time, tech firms and those running critical services would have to report breaches, and would lay out a minimum protocol for banks, and energy and water firms. It’s looking pretty likely they’ll also cover online marketplaces like eBay and Amazon, and search engines like Google. Some may not like it, but everyone will know where they stand and it should mean better security strategies, so everyone’s a winner. Apart from the attackers; not them.
Ultimately it would mean that member states would need to cooperate more on cyber security issues – including reporting breaches and helping other member states secure infrastructure – essentially providing a united front against cyber-attacks.
The rules would cover the 28 EU countries, and seeing as the European Agency for Network and Information Security (Enisa) reckons breaches – whether from human error, attacks, or system failures – result in annual losses ranging from £188bn to £246bn, it’s about time!
“Today, a milestone has been achieved: we have agreed on the first ever EU-wide cybersecurity rules, which the Parliament has advocated for years,” said German MEP Andreas Schwab, after the deal was agreed.
The chair of the final round of talks, MEP Vicky Ford, explained that it’s “a hugely complex piece of legislation”, and that “we have set up a network which will enable experts from each of the 28 countries in the EU to share and develop best practice in network security, whilst not compromising any individual member state’s own national security measures.”
It’s still got to get the final go-ahead from the European Parliament and individual governments, and then businesses will have two years to comply. Before that, though, there’s another set of regulations coming in from the European Commission, called the European Union General Data Protection Regulation, hot on the heels of the fallen Safe Harbour agreement. A new report from Intralinks and Ovum suggests that 52% of global companies could well be fined for non-compliance when it’s introduced; so, to keep up good practice and avoid potentially hefty fines, ensure both are on your radar and that you’re prepared!
For more information on the security solutions available at UKFast take a look at our website or give us a call on 0208 045 4945.