The European Commission proposed changes to cyber-security policy aimed to better protect information systems of companies all across Europe against cyber-criminal attacks by having tens of thousands of companies report cyber-crime live.
“The more people rely on the Internet the more people rely on it to be secure,â€ said Neelie Kroes, EU Digital Agenda Commissioner. â€œA secure Internet protects our freedoms and rights and our ability to do business. It’s time to take coordinated action.”
The new initiative expects over 40,000 companies to immediately report all cyber-crime episodes as they occur to specialized national authorities to be set up in all member countries. These centers will work with local Computer Emergency Response Teams (CERT) to protect the security of national networks and provide on-the-spot intervention in case of attacks against firms and critical infrastructure units such as hospitals, transport companies, banks, and energy firms.
The national authorities will also be able to fine any company refusing to report a security breach or a cyber-attack, and decide whether to disclose the security incident to the public.
According to the EU, â€œa recent study by accountants PwC suggested that three quarters of UK small businesses, and 93% of large ones, had recently suffered a cyber-security breachâ€ which translates in tens of thousands of euros and reputational damage.
Cyber-attacks today are no longer the result of amateur work. People behind these attacks know exactly what they are doing and what their purpose is. And every time a company fails to immediately report a security incident the entire defense apparatus fails twice.