Security Directive Could Cost Organisations Billion

Editorial Type: Industry Focus    Date: 03-2014    Views: 2660
UK businesses could be hit hard in the pocket by a new EU Cyber Security Directive

Many of the world's largest enterprises are not prepared to deal with a new European Union Directive on cyber security, which states that organisations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. That is the finding of a new study from Tripwire and the Ponemon Institute.

The directive, which was adopted in July last year, requires that organisations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities. Organisations that suffer a breach because they do not have sufficient IT security in place to protect their digital assets face fines of up to 2% of their annual global turnover.

However, Tripwire's study, which looked at security management of 1,320 IT security professionals working in healthcare and pharmaceuticals, financial services, the public sector, retail, industrial, services, technology, software and communications or education and research, revealed that most organisations are underprepared for the directive and therefore at risk of being fined millions of pounds.

The overall findings from the survey were:

• 28% of organisations do not have a formal risk management strategy applied consistently across the entire enterprise
• Only 5% have a mature risk-based security management programme.

The most significant barriers limiting the adoption of effective risk-based management activities within their organisation were cited as follows:

• 34% said insufficient resources or budget
• 18% highlighted lack of C-level support or buy-in
• 48% cited lack of skilled/expert personnel
• Only 51% assess risks
• Only 58% assess vulnerabilities
• Only 58% identify threats.

Dwayne Melancon, chief technology officer at Tripwire, comments: "The new EU Directive has the potential to have a huge global impact, because it applies to any organisation which operates in the EU, even if they are headquartered elsewhere in the world. Countries have been given two years to put the EU Directive into place and organisations should be using this time to tighten their security programmes; ensure that incident detection and response processes are in place and effective; and harden their systems, applications and networks to reduce the risk of breaches."

"The size of the fines connected with the directive are so big, they will definitely get the attention of CEOs and boards," continues Melancon. "It is incumbent upon senior business executives to seek clear answers about security risks from information security leadership to ensure appropriate steps are taken to enable compliance with this directive before it takes effect."

According to the findings of Tripwire and the Ponemon Institute, the new EU Cyber Security Directive could seriously impact companies financially if they fail to abide by its demands. By their calculations, the top 10 companies in the UK could, in theory, collectively be fined as much as £20.34 billion, based on combined revenue of £1,017.1 billion taken from their published results at the time of the research. Despite these worrying figures, many industries are, they say, seriously behind in terms of IT security and risk management.

The directive has yet to be approved by the EU Council. Once published in the Official Journal of the European Union, EU member states will have two years to implement it into their national laws.
