New cross-EU cyber-security legislation a 'wake-up call' for companies that handle data
'Surprisingly large organisations still have little idea who is able to access vital assets,' warns 8MAN
New European Union cyber-security legislation should serve as a wake-up call to companies that handle personal data.
That's the view of Jens Puhle, managing director of security firm 8MAN, who welcomed yesterday's agreement between the European Parliament, the European Council and the European Commission designed to make the whole of the EU's online environment more secure.
However, Puhle argued that organisations must take more responsibility around handling data.
"Surprisingly large organisations still have little idea who is able to access vital assets such as customer financial data and intellectual property, leaving them wide open for an internal data breach," he said.
"Companies must prove they are doing everything in their power to lock down mission-critical data, including restricting access to essential personnel and equipping themselves with the ability to monitor and track all access," Puhle continued.
"With the proposed legislation coming alongside the upcoming EU Data Protection Regulation, which may levy fines of up to €100m for poor practice, any organisation still unable to account for how its data is accessed is risking disaster," he concluded.
According to the European Commission, preventing information systems that provide essential services to businesses from being disrupted by incidents ranging from malicious cyber-attacks to human error and natural disasters is a "priority". The European Parliament and EU Council of Ministers have now reached an agreement on rules to ensure a high common level of network and information security (NIS) within the EU. The agreement is designed to improve the cyber-security capabilities of member states and also the co-operation between EU states on this issue.
The deal will require operators of essential services in the energy, transport, banking and healthcare sectors, along with search engines and cloud computing providers, "to take appropriate security measures and report incidents to the national authorities".
Andrus Ansip, European Commission vice-president for the digital single market, welcomed the agreement.
"Trust and security are the very foundations of a Digital Single Market. If we want people and businesses to use and make the most of connected digital services, they need to trust them to be secure in the case of attack or failure," he said.
Ansip argued that "the internet knows no border", so it's essential that countries work together to fight against cyber crime, hackers and other threats to networks.
"A problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber security solutions," he said, adding that last night's agreement is an important step in this direction.
News of the agreement comes shortly after the European Commission's innovation adviser, Robert Madelin, described the growing need for cyber-security as "a big business opportunity" for the private sector.