EU considering mandatory network and information security directive

Editor’s Note:  Cost effectiveness will be crucial to the success of the President’s forthcoming cybersecurity Executive Order.

From: FierceEnterpriseCommunications

Total cost of compliance could range between €1 billion and €2 billion

By Fred Donovan

U.S. companies with operations in Europe would have to comply with a proposed European Union (EU) directive on network and information security that would require firms in certain sectors to report security breaches to national authorities.

“Operators of critical infrastructures in some sectors (financial services, transport, energy, health), enablers of information society services (notably: app stores, e-commerce platforms, Internet payment, cloud computing, search engines, social networks) and public administrations must adopt risk management practices and report major security incidents on their core services,” the EU said in a statement.

The EU estimates that the total cost for enterprises to comply with the directive’s requirements would range between €1 billion and €2 billion. For an individual small or medium-sized enterprise, the EU puts compliance costs at between €2,500 and €5,000.

Stewart Baker, a partner at Steptoe & Johnson LLP in Washington and a former assistant secretary at the Department of Homeland Security, said the proposed EU directive would be a “game changer” for U.S. companies. “It covers banks, aviation, and Internet companies, including cloud and e-commerce providers. If companies are required to report breaches in Europe, they won’t be able to avoid reporting breaches in the U.S. as well,” Baker said in an interview with Bloomberg.
