How will EU cybersecurity directive affect business?
From: ComputerWeekly.com
Warwick Ashford
Since the publication of the EU’s proposed cyber security strategy and supporting directive, much of the focus has been on how difficult it will be to implement and how effective it will be in improving data security. But what effect will it have on business?
The most obvious effect is that it will mean additional costs for all businesses covered by the proposed directive in terms of creating new processes and acquiring new technology to comply.
he directive means that, for the first time, companies will be under a legal obligation to ensure they have suitable IT security mechanisms in place, which is likely to boost IT spending across the EU.
Conversely, it will mean additional income for the IT security industry as businesses are forced to find money to invest in whatever additional security technologies they need to become compliant.
Shake up for whole online industry
Bad news for most, but good news for some. But that is not the end of it. A closer look at what the EU is proposing reveals that the directive in its current form could shake up the whole online industry.
In fact, any organisation that provides any services online will fundamentally have to change the way its business operates, according to law firmField Fisher Waterhouse (FFW).
“This is huge,” said Stewart Room, partner at FFW, because the directive recognises that anything on the web that permits anyone to sell anything, offer information or engage with the rest of the world requires as much regulation as a telecommunications company.
For telcos, this will help to level the playing field, because “over the top” (OTT) providers such as Skype have enjoyed a financial advantage from being unregulated on cyber security issues and have enjoy financial advantage. Telcos have been subject to effective cyber security regulation since the late 1990s.
This is the logical next step of an EU directive introduced in 2009 that required telcos and internet service providers not only to report all breaches of personal data, but also introduced a separate legal obligation to report all other data breaches in the interests of cyber security.
“This is a little known fact, and it is purely about the cyber security of networks,” said Stewart Room. “It recognises that telecommunications networks form a platform that everything else relies on in terms of electronic communications.”
Print article |