Smartphone in use

European businesses urged implement anti-cyber security systems

By: Jonathan Gill, vice president at Veracode EMEA
Published: Monday, November 11, 2013 - 15:51 GMT Jump to Comments

The European Cyber Security Directive, which proposes that European businesses have a legal obligation to ensure they have suitable IT security mechanisms in place, is soon to be enforced in the UK.

Cybercrime, cyber activism and cyber espionage have dominated headlines for the past several years. 

The recent drama surrounding the Edward Snowdon revelations coupled with the need to prepare for cyber terrorism and cyber war, have spurred the European Union to create the European Cyber Security Directive.

Just in the UK alone this year there were 50 million cyber-attacks, a number that is set to grow. 

While the need for this directive has never been clearer, the directive itself has caused some confusion among enterprises.

Research undertaken by The Ponemon Institute, backs up widespread concerns, that many organisations will not be ready for the Directive in time.

The study found that only 58 per cent of businesses currently identify security threats and 28 per cent do not have a formal risk management strategy applied consistently across their entire enterprise.

Such low figures show that a large number of businesses have a lot of work to do by the 2015 deadline.

There are two key requirements for businesses mandated in this Directive that they need to consider.

Adopted in July of this year, the Directive aims to create a set minimum level of preparedness for cyber-attacks at the national level. It will include an online platform to prevent and counter cross-border cyber-attacks, as well as implement an incident reporting strategy. 

Organisations will have to circulate early warnings of possible security risks – as soon as they are aware of them. The requirement to report breaches will help other companies avoid and learn from them, improving privacy and security universally.

In addition to requirements around breach notifications, the Directive introduces penalties for companies that do not comply with minimum security standards or do not take the steps necessary to improve their defences.

If an enterprise suffers a breach because it did not have sufficient IT security in place, the enterprise could receive a fine totalling up to 2 per cent of their annual global turnover.

This is a hugely significant mandate for businesses around the world, as it applies to any which operate in the EU, even if it’s headquartered elsewhere.

The EU has recognised that the Directive may be too big a burden for smaller businesses to bear so has excluded those that have less than 10 employees and those producing 2 million euros or less a year in profit.

Whilst this is welcome news for them, it still leaves a huge number of larger businesses at risk of failing to comply with the regulations. 

Public authorities, information society service providers, those that operate critical infrastructure as well as health sector organisations and banking are groups that could be particularly affected.

Businesses have two years to comply with the Directive, and organisations are being urged to use this timeline as an opportunity to strengthen their security systems as much as possible.

It’s already clear, however, that even with this generous timeframe; some of the world’s biggest businesses will not be prepared to meet the criteria set by their own governments.

Despite Prime Minister David Cameron’s attempts to cut EU ‘red tape’, organisations in the UK will not be exempt and could face hefty fiscal penalties.

As we move closer to the compliance deadline, it will be interesting to see how companies of all sizes go about meeting these requirements.

Jonathan brings a wealth of business and technology expertise to Veracode. He previously served as VP EMEA for Arcot, helping to deliver the successful acquisition of the company by CA Technologies in 2010. Prior to this, he spent five years with IBM Software Group, leading development of the company’s security software propositions in the UK.

The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of The Information Daily, its parent company or any associated businesses.

Comments

Latest

60 percent of millennials surveyed expect a consistent experience from brands, whether online, in store or via phone.

NHS organisations are more likely to buy something innovative that helps medical professionals do their job, rather…

Ian Jones talking about Leeds community driven open data projects at the Making a Difference With Data (MADwDATA)…

Technology may threaten jobs, but by resisting the advances promised by new technologies we run the risk of missing…

CCGs were invited to express a level of interest in co-commissioning. 196 of England’s 211 Clinical Commissioning…

Most of us read about the recent cyber-attack suffered by eBay when the auction site was forced to request that…

Public Health England have drawn together advanced data tools to better their diagnosis and surveillance of life-threatening…

Phil Neal discusses the findings of a new survey which reveals that challenges remain for children’s services…

Do you do digital? Take the test

The Information Daily is collaborating with Socitm to research organisations' commitment to and capability for a digital future.

Take the test

View Results

If you have already taken the test, you may view the latest detailed results by entering your email address below


Headline results so far: Results from 103 users

Corporate commitment: 47%
0%
100%
50%
Digital capability: 53%
0%
100%
50%

The pace of change in today’s IT world is moving faster than ever before, but with more options and expectations,…

Businesses are keen to offer a more personalised experience when engaging with their customers. But when does…

Supplying a government-backed sporting event is less risky than sponsoring one, but firms working for Glasgow…

Ather Abbas, Development Director of the Making a Difference with Data (MADwDATA) programme, discussing the challenges…