Cyber Security Institute


Tuesday, February 19, 2013

How will EU cybersecurity directive affect business?

The most obvious effect is that it will mean additional costs for all businesses covered by the proposed directive in terms of creating new processes and acquiring new technology to comply. The directive means that, for the first time, companies will be under a legal obligation to ensure they have suitable IT security mechanisms in place, which is likely to boost IT spending across the EU. The real effect of the proposed directive begins to emerge in light of the fact that it requires all “market operators” to ensure that the networks and information systems under their control meet minimum security standards, to be laid down by the EU.

“This is huge,” said Stewart Room, partner at FFW, because the directive recognises that anything on the web that permits anyone to sell anything, offer information or engage with the rest of the world requires as much regulation as a telecommunications company.

This is the logical next step of an EU directive introduced in 2009 that not only required telcos and internet service providers to report all breaches of personal data, but also introduced a separate legal obligation to report all other data breaches in the interests of cyber security.

The important thing to note is that the proposed directive introduces the idea of a “market operator” which currently covers not only providers of information society services and critical infrastructure, but also organisations that fall into six broad categories.

In addition to the obvious large firms like Amazon, iTunes, PayPal, Google, LinkedIn and Facebook, the proposed directive will affect a whole range of other smaller organisations, potentially even down to the level of small family-owned businesses, said Room.

Theoretically, this will have the positive effect of improving the security and resilience of all networks and information systems, but this is a classic case of having to “be careful what you wish for,” he said, because the cost implications for businesses large and small could be enormous.

Whether or not the cyber threat is as bad as the EU, US and security technology suppliers are making it out to be, network and information system security will be the cost of doing business in a cyber-enabled world as old business models fade away and slip into history. 

“The big problem is not every company is as rich as Google, Facebook and the like, and this proposed directive will not only affect those big companies, much smaller ones will be covered too,” said Room.

Link: http://www.computerweekly.com/news/2240178256/How-will-EU-cybersecurity-directive-affect-business?utm_medium=EM&asrc=EM_ERU_20700092&utm_campaign=20130220_ERU%20Transmission%20for%2002/20/2013%20(UserUniverse:%20635379)_myka-reports@techtarget.com&utm_source=ERU&src=5109056

Posted on 02/19