EU proposes new cybercrime reporting rules

European cybercrime centre A European cybercrime centre was opened in The Hague last month

Related Stories

Over 40,000 firms, including energy providers, banks and hospitals could be required to report cyber-break-ins under new rules proposed by the EU.

It is part of a move to intensify global efforts to fight cybercrime.

Digital agenda commissioner Neelie Kroes said that Europe needed to improve how it dealt with cybersecurity.

But firms are concerned that reporting online attacks and security breaches might damage their reputations.

Many breaches

The EU is keen that member states share information about attacks and shore up their cyber-defences.

Under the proposals, each country would have to appoint a Computer Emergency Response Team and create an authority to whom companies would report breaches.

These new bodies would decide whether to make the breaches public and whether to fine companies.

Announcing the changes, Ms Kroes said: "Europe needs resilient networks and systems and failing to act would would impose significant costs on consumers, businesses and society."

According to the EU, only one in four European companies has a regularly-reviewed, formal ICT security policy. Even among ICT companies, the figure is only one in two, it said.

A recent study by accountants PwC suggested that three quarters of UK small businesses, and 93% of large ones, had recently suffered a cybersecurity breach.


More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 22.

    I work as a professional in the industry:

    1) There are no hack-proof systems. Connected to the outside world = can be hacked by an attacker with enough will & resources

    2) Limit critical information in connected systems. Being hacked is a problem, leaking credit card information is a catastrophe

    3) The safety of a system depends on the experience of the software designer. Pay peanuts, get junk

  • rate this

    Comment number 19.

    When the EU, UK, USA or UN start discussing the Internet we should be very wary. These are massive bureaucracies with fascist potential. In my opinion, they ought to leave well alone. The Internet deserves the freedom it has and it should be up to each organisation and every individual to protect themselves against cyber-attack. We do not need big brother meddling with our precious liberty.

  • rate this

    Comment number 21.

    Firms already have responsibility to protect data under the Data Protection Act. Why not just strengthen and reinforce legislation that's already in place?

    Being "into IT" I am always very, very suspicious when governments try to implement any new rules regarding computing. They fear the general public being able to do technological things that they have no clue about.

  • rate this

    Comment number 9.

    I've heard the analogy before that fining companies who suffer data breaches is "like fining a bank who suffered a break in".

    Well, if that bank forgot to close the vault, didn't set the alarm and left the keys in the lock on the front door, then they deserve a fine.

    Companies who look after our personal data should have proper rigourous data protection safegaurds that they keep up to date.

  • rate this

    Comment number 31.

    I don't know what the fuss is about security. I've just won the Nigeria state lottery.


Comments 5 of 123


More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.