All the latest UK technology news, reviews and analysis

EC wants enforced security reporting regime for private sector

05 Nov 2012
European Union flag

The European Commission (EC) is considering forcing private sector firms hit by security attacks to report these incidents to strengthen the region's cyber security information sharing culture.

The plan was unveiled by the vice president for the digital agenda, Neelie Kroes, during a speech at the Information Security Forum Conference in Chicago on Sunday.

"I am considering extending to new sectors (enablers of key internet services, banking, energy, transport, health, public administrations) the obligations to adopt risk management measures and to report significant incidents to competent authorities that currently apply in the telecom sector," she said.

This would form a central tenant of the European Strategy for Cyber Security that Kroes intends to submit for consideration in the near future.

She said this was a key part of the proposals as she is concerned private sector firms are too reticent to share information.

"I understand that companies do not share information due to fear of reputational damages or liability. But the lack of information sharing slows down the capability to react," she said.

"In particular when an incident has repercussions outside the organisation and the other parties affected are unaware of an imminent threat or an incident that has already taken place."

The EC vice president cited the recently uncovered slew of attacks targeting critical infrastructure businesses as proof that the current attitude towards data breaches could have disastrous consequences.

"Incidents and attacks are clearly on the rise. The number of web-based attacks went up 36 percent in the year 2011 [...] If we want to preserve and promote the benefits of the digital world, we must put cyber security on the top of the agenda," she said.

"Cyber security is a shared responsibility of public and private players and our policies strive to address this. I believe however that we need to do more."

As a result she said both the public and private sector must do more to improve information sharing.

"Networks and infrastructure are mainly privately owned and run. However, the private sector clearly lacks adequate incentives to invest in security and to be transparent regarding the threats faced and the incidents occurred," she said.

"Governments can not only provide the right incentives but also lead by example by strengthening their preparedness," said Kroes.

The threat of enforced security reporting comes after European Union justice commissioner Viviane Reding raised the potential of mandatory data breach reporting 18 months ago.

This would come into force as part of the Data Protection Directive, which is currently under consultation.

The EC confirmed the proposals outlined by Kroes were independent from those of Reding.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Windows 10 poll

What are your first impressions of Windows 10?

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Contract ASP.NET Developer

You will experience: Working within an AGILE environment...

C# Developer for small software house. Great Learning Opportunity

Small software house in the southwest. Great living conditions...

Junior Database & Application Developer

35 hours per week 1 year fixed term contract...

Systems Analyst

Our Client is a fast growing service provider in the...
To send to more than one email address, simply separate each address with a comma.