EU Cyber Security Directive Poses Risk Challenge for European Corporates

New European Union (EU) legislation on cyber security will result in complex technological, process and governance challenges for organisations across Europe, according to Marsh.

The insurance broking and risk advisory group reports that following a vote earlier this month by the EU’s committee on civil liberties, justice and home affairs (LIBE), far-reaching changes to data protection regulation, which will replace 1995’s Data Protection Directive (95/46/EC), are a step closer to being introduced next year.

The new regulation means that as well as redesigning their IT systems, companies involved in the collection and processing of personal data will also be required to update their compliance procedures.

Designed to respond to the evolving technological environment in which EU citizens live and work, the measures detailed in the proposed regulation include: fines of up to €100m or 5% of global turnover, whichever is the greater; stringent authorisation regarding the transfer of data to non-EU countries; the ‘right to be forgotten’; and the appointment of a data protection officer in organisations that process more than 5,000 records in a 12-month period.

“The cost to business of implementing the changes required to comply with this piece of regulation may be significant, but the cost of failing to comply could be far greater,” said Stephen Wares, Marsh’s cyber liability practice leader for Europe, the Middle East and Africa (EMEA).

“It is clear that there is a strong will from the EU to give national regulators increased powers, with the suggested fining structure acting as an effective deterrent for non-compliance.

“While the deadline for implementation next year remains fluid, organisations should start considering the effect of the regulation on their operations and begin a process for ensuring compliance. Firms should also consider the effectiveness of their existing insurance arrangements and whether there are other alternatives that could more adequately provide the protection needed to reflect their changing risk profile.”
