EU proposes new cybercrime reporting rules

 
European cybercrime centre A European cybercrime centre was opened in The Hague last month

Related Stories

Over 40,000 firms, including energy providers, banks and hospitals could be required to report cyber-break-ins under new rules proposed by the EU.

It is part of a move to intensify global efforts to fight cybercrime.

Digital agenda commissioner Neelie Kroes said that Europe needed to improve how it dealt with cybersecurity.

But firms are concerned that reporting online attacks and security breaches might damage their reputations.

Many breaches

The EU is keen that member states share information about attacks and shore up their cyber-defences.

Under the proposals, each country would have to appoint a Computer Emergency Response Team and create an authority to whom companies would report breaches.

These new bodies would decide whether to make the breaches public and whether to fine companies.

Announcing the changes, Ms Kroes said: "Europe needs resilient networks and systems and failing to act would would impose significant costs on consumers, businesses and society."

According to the EU, only one in four European companies has a regularly-reviewed, formal ICT security policy. Even among ICT companies, the figure is only one in two, it said.

A recent study by accountants PwC suggested that three quarters of UK small businesses, and 93% of large ones, had recently suffered a cybersecurity breach.

 

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

Comments

This entry is now closed for comments

Jump to comments pagination
 
  • rate this
    +1

    Comment number 103.

    ...so the EUssr would know when their hackers had been detected.

  • rate this
    +1

    Comment number 102.

    I don't see why companies should pay if their hacked - if I forget to lock my front door does that make me a criminal?

  • rate this
    +2

    Comment number 101.

    87. bungle99
    "Is hacking a crime if they dont steal anything?"

    So I can break into your house while you're away, or even when you're sleeping, have a good snoop around, and as long as I don't steal anything there's no crime? Hmmmm... I don't think you'd be very happy about it, somehow...

  • rate this
    +3

    Comment number 100.

    Perhaps it should be the Computer Alert Response Team and they could appoint a horse to lead it.

  • rate this
    +1

    Comment number 99.

    The traditional carrot and stick approach that works reasonable well in many cases is not effective when dealing with cybercrime. Much as I don't like the idea of it a "Carrot Only" approach will work better, give the hackers a competititive reward for hacking and turn them into freelancers!

  • rate this
    +2

    Comment number 98.

    Thought the EU was about trade why is it trying to get involved in the criminal law that is nothing to do with trade. Criminal matters are a matter for nation states to decide nothing to do with the EU I say that as a legal professional.

  • rate this
    0

    Comment number 97.

    11.
    Khuli
    5 Hours ago

    6.corncobuk
    As for fining a company for being a victim, well that`s just ridiculous
    ----
    I disgaree. If it has poorly designed systems that leads to its customers data being lost or stolen, then it should certainly be fined.

    ---------------------

    Security is not 100% effective no matter what defenses are put in place, just look at all the data stolen from government depts.

  • rate this
    -1

    Comment number 96.

    About time to be honest. We keep going on about not having enough police beat officers but really, the petty crimes that they deal with are nothing compared to spaghetti network of different criminals, scammers, spammers, malware writers, botnet administrators etc in terms of causing more grief to the general populace.

  • rate this
    +3

    Comment number 95.

    One problem is that a lot of companies' computer systems are so chaotic that unless there is a huge icon of a masked man jumping up and down on their screen holding a banner saying "You've just been hacked" they won't realise it

  • rate this
    +2

    Comment number 94.

    if the company can't keep your private information secure they don't want to be required to admit their failure is the gist of the complaint

  • rate this
    +2

    Comment number 93.

    @ACET
    I also work in the industry, and I disagree with "1) There are no hack-proof systems. Connected to the outside world = can be hacked by an attacker with enough will & resources."

    Systems can be made secure by adopting only tested protocols. The problem is that most companies are busy catching the latest technology wave rather than testing the systems they build.

  • rate this
    +1

    Comment number 92.

    More red tape from the eu mandarins. Wouldn't be so bad if it achieved a result, but it will all end up as more eu stats and more money being shelled out to the eu. Perhaps it's time WE charged the eu for all this data they want ! Let's not forget, the eu are experts at fudging and losing things when it's convenient to them.

  • rate this
    0

    Comment number 91.

    FIrefox has a great "do not track me" extension

    Also use Startpage to filter your Google search

    Anonymouse is a pretty good proxy server also

  • rate this
    +3

    Comment number 90.

    I can see this getting costly. Decent network security is very expensive. I work in a school and have to purchase Antivirus licenses, endpoint protection, encrypted memory sticks just to compley with the ICO and the Data Protection Act 1998. This cost then has to be passed on to the taxpayer.

  • rate this
    +1

    Comment number 89.

    Who are these people who claim no system is 100% secure? Do they have a vested interest? What about RSA encryption, and its ilk. As for GCHQ's magical powers, let's not forget they were defeated by a bird brain - a WWII pigeon found stuffed up a chimney!
    It's more likely govts don't want citizens using secure systems for fear of not knowing we're up to, simple as that.

    PS Encoded rot13, twice.

  • rate this
    -1

    Comment number 88.

    #85... I would only agree with you *IF* it was purely your own data, and not that of any of your customers.
    If you as a business collect personal details, then you have the responsibility to protect them. If your database is compromised, then it's your responsibility to recify (or at least notify) that fact.

  • rate this
    +1

    Comment number 87.

    Is hacking a crime if they dont steal anything? A burglar might look in your window and decide not to bother as all your stuff is rubbish. Are we gonna jail everyone who walks past our house? Or the homeowner for not sitting there and logging everyone that does? This is just daft as we all know that you dont know you have been hacked unless the hacker wants you to.

  • rate this
    +2

    Comment number 86.

    You'll never stop all hacks in the same way you'll never stop all burglaries. If someone really wants to get in, they will.

    Ties in nicely with the Snoopers Charter though - intercepting communications that they are neither sender nor recipient of...to me, that's hacking!

    I suppose it's much easier to fine the victim than it is to catch & imprison the criminal...potentially a Government.

  • rate this
    0

    Comment number 85.

    #80 O.K, fair point if its a third party situation like you describe but I'd expect the company to tell me my card was compromised not the EU!

    However if its an individual being hacked (I've got a little hobby business and its own website) I shouldn't be risking prosecution for not reporting a hack if I'M the victim of the crime. (I don't have any customer payment details on the site BTW)

  • rate this
    0

    Comment number 84.

    Can they guarantee any data held will be secure. Also under English Law it is only possible for anyone to be fined after an appearance in a court of law. Or has that been shelved by MPs looking after there gravy train for there well off friends. Ore back door fines for people and it is us the people of this country who will have to pay. We will be paying RSB fine, but hey thats illegal also.

 

Page 2 of 7

 

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.