{"id":1721,"date":"2013-02-19T00:00:00","date_gmt":"2013-02-19T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/19\/how-will-eu-cybersecurity-directive-affect-business\/"},"modified":"2021-12-30T11:39:53","modified_gmt":"2021-12-30T11:39:53","slug":"how-will-eu-cybersecurity-directive-affect-business","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/19\/how-will-eu-cybersecurity-directive-affect-business\/","title":{"rendered":"How will EU cybersecurity directive affect business?"},"content":{"rendered":"<p>The most obvious effect is that it will mean additional costs for all businesses covered by the proposed directive in terms of creating new processes and acquiring new technology to comply. The directive means that, for the first time, companies will be under a legal obligation to ensure they have suitable IT security mechanisms in place, which is likely to boost IT spending across the EU. The real effect of the proposed directive begins to emerge in the light of the fact that it requires that all \u201cmarket operators\u201d to ensure that the networks and information systems under their control meet minimum security standards, to be laid down by the EU.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cThis is huge,\u201d said Stewart Room, partner at FFW, because the directive recognises that anything on the web that permits anyone to sell anything, offer information or engage with the rest of the world requires as much regulation as a telecommunications company.<\/p>\n<p>This is the logical next step of an EU directive introduced in 2009 that required telcos and internet service providers not only to report all breaches of personal data, but also introduced a separate legal obligation to report all other data breaches in the interests of cyber security.<\/p>\n<p>The important thing to note is that the proposed directive introduces the idea of a \u201cmarket operator\u201d which currently covers not only providers of information society services and critical infrastructure, but also organisations that fall into six broad categories.<\/p>\n<p>In addition to the obvious large firms like Amazon, iTunes, PayPal, Google, LinkedIn and Facebook, the proposed directive will affect a whole range of other smaller organisations, potentially even down to the level of small family-owned businesses, said Room.<\/p>\n<p>Theoretically, this will have the positive effect of improving the security and resilience of all networks and information systems, but this is a classic case of having to \u201cbe careful what you wish for,\u201d he said, because the cost implications for businesses large and small could be enormous.<\/p>\n<p>Whether or not the cyber threat is as bad as the EU, US and security technology suppliers are making it out to be, network and information system security will be the cost of doing business in a cyber-enabled world as old business models fade away and slip into history.  <\/p>\n<p>Not every company is as rich as Google, Facebook and the like, and this proposed directive will not only affect those big companies, much smaller ones will be covered too \u201cThe big problem is not every company is as rich as Google, Facebook and the like, and this proposed directive will not only affect those big companies, much smaller ones will be covered too,\u201d said Room.<\/p>\n<p>Link: http:\/\/www.computerweekly.com\/news\/2240178256\/How-will-EU-cybersecurity-directive-affect-business?utm_medium=EM&#038;asrc=EM_ERU_20700092&#038;utm_campaign=20130220_ERU%20Transmission%20for%2002\/20\/2013%20(UserUniverse:%20635379)_myka-reports@techtarget.com&#038;utm_source=ERU&#038;src=5109056<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1721","post","type-post","status-publish","format-standard","hentry","category-regulations"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1721"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1721\/revisions"}],"predecessor-version":[{"id":4208,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1721\/revisions\/4208"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}