Companies may face fine for breaching EU cybersecurity rules


(Reuters) — Large energy, transport and financial companies as well as digital providers and makers of medical and computer devices could be fined up to 2% of their global turnover for breaching EU cybersecurity rules under a European Commission proposal.

Concerns about the cybersecurity of key assets have mounted in recent months, especially over cyberattacks by state actors and other malicious players.

U.S. federal agencies and thousands of companies are now investigating a sweeping hacking campaign that officials suspect was directed by the Russian government. The European Medical Agency was also targeted earlier this month.

With two in five EU employees working from home due to the COVID-19 pandemic and one in eight businesses hit by cyber attacks, the EU executive says its proposal is meant to bolster Europe’s collective resilience against cyber threats.

The proposal includes beefing up the 2016 EU cybersecurity law with sanctions and expanding its scope to cover all medium and large companies in 10 essential sectors: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, public administration and space.

Also deemed important entities and falling under the proposed rules would be all medium and large firms in postal and courier services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery equipment, motor vehicles, and digital providers such as online marketplaces, online search engines, and social networking service platforms.

Companies face a range of sanctions for non-compliance, which would also target management, EU Internal Market Commissioner Thierry Breton said.

“Fines for these entities, which are essential and important entities, if these are...repeated actions (in) not fulfilling requirements, (range) from 10 million euros ($12.2 million) to 2% of global revenue,” Mr. Breton told a news conference.

“In a case where a company continues not to fulfill its obligations, in this category, we can go up to suspension of authorization. That is the last resort. We may also have temporary bans against any persons discharging managerial responsibility,” he said.

Companies would be subject to strict cybersecurity requirements covering supply chains and supplier relationships, and also a stringent supervisory regime.

The Commission proposal includes setting up an EU-wide network of security operations centers to detect early signals of imminent cyberattack, and creating a joint cyber unit to boost cooperation between EU bodies and national authorities.

The proposal will have to be approved by EU member states and the European Parliament before it can go into effect, a process that could take several years.