Targeted attacks will change the economics of security

Today, European Justice Commissioner, Viviane Reding, will unveil the new European Privacy Directive, designed to safeguard personal, identifiable information that is stored by private and public sector organizations.

All 27 European member states will be governed by the new rules, which could see companies being fined 2 per cent of global turnover if their customers’ privacy is breached.

Under the new rules, all UK companies that suffer a security breach will have to inform the Information Commissioner within 24 hours of discovering a breach. Companies with more than 250 employees will have to appoint a privacy officer.

Corporations risk being fined up to 2 per cent of their global turnover for failure to adequately secure citizens’ information. In addition, in a new “right to be forgotten” ruling, customers can request details of the information that companies hold about them and ask for it to be amended or removed.

Bruce Green, Chief Operating Officer at M86 Security, comments: “While we applaud the move to strengthen safeguards around individuals’ private information, we recognize that this harmonization of data privacy rules across Europe will increase the data management overhead for companies of all sizes. The prospect of being fined two per cent of turnover will change the economics of security, because the cost of compliance compared to the financial risk of a breach will now fall firmly in favour of security for global enterprises. This will make information security a discussion for the boardroom, not just the domain of compliance specialists and privacy officers.”

“With the increasingly stealthy tactics employed by cybercriminals and hacktivists, companies are going to be increasingly wary of untoward activity on servers, email and Web channels. We predict that the European directive will drive a new wave of awareness and innovation in information protection and cyber security,” he added.