Cyber security reporting needed to reduce risk, says EU

Wednesday 13 February 2013

The European Union (EU) believes failing to act on IT security will impose significant costs on consumers, businesses and society.

Last week, the EU proposed new cyber security rules, which will bring in mandatory reporting where businesses and organisations experience attacks or breaches.

The plans were met with a mixed reception by businesses, with many concerned about the effects of such disclosures on their brand image and reputation.

Matthew Fell, director for competitive markets at the Confederation of British Industry (CBI), said the EU’s Cyber Security Strategy "rightly emphasises the importance of secure online networks to doing business in the 21st century".

However, he warned that mandatory reporting ignores the sensitive issues at stake around business reputation.

"It is important to build awareness of cyberattacks, but this should be done through voluntary sharing of information," Mr Fell added.

The EU's digital agenda commissioner Neelie Kroes commented that Europe needs resilient networks and systems, and failing to act is not an option.

This is because just one in four European companies has a regularly reviewed, formal ICT security policy, it noted.

Businesses have access to a wide range of online security tools from Microsoft which can help guard against web-based attacks.

Posted by Alex Boardman