“This is huge,” said Stewart Room, partner at FFW, because the directive recognises that anything on the web that permits anyone to sell anything, offer information or engage with the rest of the world requires as much regulation as a telecommunications company.
This is the logical next step of an EU directive introduced in 2009 that required telcos and internet service providers not only to report all breaches of personal data, but also introduced a separate legal obligation to report all other data breaches in the interests of cyber security.
The important thing to note is that the proposed directive introduces the idea of a “market operator” which currently covers not only providers of information society services and critical infrastructure, but also organisations that fall into six broad categories.
In addition to the obvious large firms like Amazon, iTunes, PayPal, Google, LinkedIn and Facebook, the proposed directive will affect a whole range of other smaller organisations, potentially even down to the level of small family-owned businesses, said Room.
Theoretically, this will have the positive effect of improving the security and resilience of all networks and information systems, but this is a classic case of having to “be careful what you wish for,” he said, because the cost implications for businesses large and small could be enormous.
Whether or not the cyber threat is as bad as the EU, US and security technology suppliers are making it out to be, network and information system security will be the cost of doing business in a cyber-enabled world as old business models fade away and slip into history.
Not every company is as rich as Google, Facebook and the like, and this proposed directive will not only affect those big companies, much smaller ones will be covered too “The big problem is not every company is as rich as Google, Facebook and the like, and this proposed directive will not only affect those big companies, much smaller ones will be covered too,” said Room.
Link: http://www.computerweekly.com/news/2240178256/How-will-EU-cybersecurity-directive-affect-business?utm_medium=EM&asrc=EM_ERU_20700092&utm_campaign=20130220_ERU%20Transmission%20for%2002/20/2013%20(UserUniverse:%20635379)_myka-reports@techtarget.com&utm_source=ERU&src=5109056