Last Monday, the European Union decided on a cybersecurity law - the first law like this for the EU. According to this law, certain companies have to report certain security incidents to the authorities.
Who is affected?
Big companies like Amazon and Google as well as companies which handle sensitive data such as financial and health data will need to report serious incidents, IAPP reports. If the companies don’t report those incidents, they could face sanctions according to the new law.
The internet knows no border
“The internet knows no border – a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cybersecurity solutions. This agreement is an important step in this direction”,
said the European Commission’s Digital Chief, Andrus Ansip according to Reuters. The new law, called “Network and Information Security Directive” could also be important to show consumers that they can trust in certain internet services.
More worries about cyber attacks
The number of cyber attacks has increased in the last year. Often, those attacks result in privacy breaches and also may affect a companies’ trade and business secrets.
Big cyber attacks in the US in 2015 were hacks of insurance companies, the internal revenue service and Harvard university. While some attacks are done for financial reasons, some attacks have a political background – and some are just done because hackers are able to do it; a hacker called “ThreatKing” attacked the New York Magazine because he had visited New York and hated it…
Under the new law, companies will have to notify serious incidents to national authorities which in turn will be able to impose sanctions on companies which fail to do so.
We will wait and see whether such a law will really help to prevent the attacks before they happen…