After several years of debate, politicians in the European Parliament and European Union Council of Ministers have agreed upon EU-wide legislation aimed at improving cyber security. The Network and Information Security (NIS) Directive is set to have big implications for businesses operating across the EU.
The directive's biggest effect on businesses comes from the provision stating that any major service provider or operator of essential services must notify the authorities if it suffers a cyber-attack that results in the loss of data. The directive also aims to put pressure on companies and organisations to make their cyber security robust enough to resist a cyber-attack. Failure to do so could result in hefty fines.
In its first phase, the directive will apply to companies operating in the health, water supply, financial, transport and energy sectors.
"Trust and security are the very foundations of a Digital Single Market. If we want people and businesses to use and make the most of connected digital services, they need to trust them to be secure in the case of attack or failure. The internet knows no border – a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cybersecurity solutions. Last night's agreement is an important step in this direction, but we cannot stop here: we plan an ambitious partnership with the industry in the coming months to develop more secure products and services," said Andrus Ansip, European Commission Vice-President for the Digital Single Market.
The NIS Directive was first suggested in 2013, but due to political wrangling the first draft has only now been approved by ministers.
European officials believe that cybersecurity breaches cost some $280-370 billion per year. The European Parliament and member states will consider whether to approve the new rules in the coming months.
If the text is formally approved by the European Parliament and the Council, it will be published in the EU Official Journal and will officially enter into force. Once it is in place, EU Member States will have 21 months to implement the Directive into their national laws and 6 months more to identify operators of essential services.
How Can PGI Help You Prepare?
Is your organisation prepared for the new EU legislation? If you need advice on how to get your business ready, contact the experts at PGI.
PGI will be able to support in a number of ways: