All the latest UK technology news, reviews and analysis

EC wants enforced security reporting regime for private sector

05 Nov 2012
European Union flag

The European Commission (EC) is considering forcing private sector firms hit by security attacks to report these incidents to strengthen the region's cyber security information sharing culture.

The plan was unveiled by the vice president for the digital agenda, Neelie Kroes, during a speech at the Information Security Forum Conference in Chicago on Sunday.

"I am considering extending to new sectors (enablers of key internet services, banking, energy, transport, health, public administrations) the obligations to adopt risk management measures and to report significant incidents to competent authorities that currently apply in the telecom sector," she said.

This would form a central tenant of the European Strategy for Cyber Security that Kroes intends to submit for consideration in the near future.

She said this was a key part of the proposals as she is concerned private sector firms are too reticent to share information.

"I understand that companies do not share information due to fear of reputational damages or liability. But the lack of information sharing slows down the capability to react," she said.

"In particular when an incident has repercussions outside the organisation and the other parties affected are unaware of an imminent threat or an incident that has already taken place."

The EC vice president cited the recently uncovered slew of attacks targeting critical infrastructure businesses as proof that the current attitude towards data breaches could have disastrous consequences.

"Incidents and attacks are clearly on the rise. The number of web-based attacks went up 36 percent in the year 2011 [...] If we want to preserve and promote the benefits of the digital world, we must put cyber security on the top of the agenda," she said.

"Cyber security is a shared responsibility of public and private players and our policies strive to address this. I believe however that we need to do more."

As a result she said both the public and private sector must do more to improve information sharing.

"Networks and infrastructure are mainly privately owned and run. However, the private sector clearly lacks adequate incentives to invest in security and to be transparent regarding the threats faced and the incidents occurred," she said.

"Governments can not only provide the right incentives but also lead by example by strengthening their preparedness," said Kroes.

The threat of enforced security reporting comes after European Union justice commissioner Viviane Reding raised the potential of mandatory data breach reporting 18 months ago.

This would come into force as part of the Data Protection Directive, which is currently under consultation.

The EC confirmed the proposals outlined by Kroes were independent from those of Reding.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus
Galaxy S5 vs iPhone 5S vs Nexus 5 showdown

Galaxy S5 vs iPhone 5S vs Nexus 5

We speed test three of the most popular smartphones

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Senior Desktop Engineer / Desktop Engineer

Senior Desktop Engineer / Desktop Engineer – The Kent...

IT Service Support Analyst

The Health and Care Professions Council (HCPC) is a regulator...

Senior Analyst Programmer (Application Development) X2

Senior Analyst Programmer (Application Development) X2...
To send to more than one email address, simply separate each address with a comma.