Cyber Security – New EEC Directive

Cyber Security - New EEC Directive

This week the EEC announced  the first cyber security law , the Network and Information Security Directive . This is a security and reporting directive for companies in critical businesses sectors such as transport , energy , health and finance. This will also apply to to the likes of Google and Amazon .

http://www.bbc.co.uk/news/technology-35038424

The directive is primarily two fold :-

1.Requirement of companies to report cyber security breaches

2.Requirement of companies to ensure that they have a secure digital infrastructure in place.

A body of teams will be set up manage incidents in the shape of Computer Security Incidents Response Teams (CSIRTS).

This is likely to ensure greater visibility of cyber crime and data breaches within companies. The impact of which could have commercial consequences as to whether companies can be considered to have adequate cyber security in place by its trading partners . The emphasis of this law is clearly to encourage companies to address their  cyber security and it would be prudent that companies are proactive now in order to be ready for the implementation of this law which is anticipated to come into force within the next two years .

This is a timely decision, as in the US this week , the Federal Trade Commsssion won a lawsuit against Wyndham Worldwide Corporation who failed to properly safeguard customers information . Three separate data breaches were suffered affecting 619,000 customers and led to $10.60M in fraudulent credit card charges. As a result of this Wyndham will be required to improve all aspects of their cyber security.

This new directive should not be confused with the General Data Protection Regulation which will bring unformity to data protection laws in the EEC and compulsory data breach notification for all businesses.

The impact of this new directive will no doubt provide insurers in the cyber liability insurance market with some much needed comfort as one of their focuses in their rating and assessment of exposures is the level of cyber security.

If  this is going to improve it will eventually impact on premiums and conceivably exert downward pressure on premium rates.

 

Cyber Security Threats for 2016

Cyber Security Threats for 2016

Cyber security will remain a high profile issue for businesses  as we move into 2016.

Many small businesses do not appreciate the speed at which cyber related exposures are developing and the importance of robust cyber security being in place , it is therefore vitally important to be aware of these as businesses are nowadays almost 100% reliant on technology.

Existing cyber security risks will develop and new ones are likely to emerge, some examples of these are as follows:-

  • Outdated technology may be susceptible to unauthorised access from a hacker if patching has not been carried out on a regular basis.
  • Current security procedures need to be updated to keep pace with the sophistication of hackers  techniques.
  • Forgotten maintenance of the Internet may lead to opportunities for hackers
  • The Internet of Things will provided increased connectivity between many more devices and has the potential to produce vulnerabilities in security loop holes.
  • Businesses are increasing moving towards the use of cloud providers and therefore being able to monitor data is likely to become more difficult. With the abolishment of the Safe Harbour this will have of particular impact to firms trading in the USA.
  • Perceived increased focus by hackers on small businesses that may not have the same standard of IT security as larger companies.

The underlying message is that the cyber risk landscape is constantly evolving and businesses must be increasing on their guard to anticipate this by updating and improving their existing cyber security.