In the UK, there are upwards of 49 million cyber attacks annually, and this number is increasing. Now a priority for all sizes of business, cyber security has attracted the media spotlight; earlier in the year, Vince Cable warned that some key services were especially vulnerable, while David Cameron also recognized the potential dangers – a fact that led to his request for China to enter discussions about cyber attacks. It has become increasingly evident that the issue is, in the 21st Century, a major economic concern.
A recent European Directive for Network and Information Security revealed the approach the EU is likely to take in its attempts to halt attacks on the digital front. However, the changes to MEPs in the May European elections mean it is still unknown how much of the directive will be implemented and enforced, but it provides a good indicator.
The European Directive
The directive aims to make Europe’s online businesses as secure as any in the world. The key to this security comes from several elements, including stronger inter-country cooperation, all EU states having their own cyber security strategy and, across the whole EU, a requisite reporting of all significant breaches.
In the UK, there is a more laissez faire, non-regulatory approach preferred. It is thought that mandatory regulations could lead to increased costs, and those companies with better systems to detect cyber attacks would suffer most.
The proposed unification of cyber security strategies across the EU does seem likely to improve the situation but, ultimately, it must be remembered that cyber security is an issue globally. The US government was critical of the European directive for its lack of alignment with international cyber security bodies.
The European and US working group on cyber security went some way to align the approaches, but there is some worry that it hasn’t done enough.
The US approach
In the States, President Obama’s Cyber Security Executive Order is similar to the UK’s preferred approach. It is a non-regulatory system that offers incentives in return for the compliance of businesses. This approach is designed to encourage cooperation rather than the subversion of its requirement through fear of loss of reputation.
The EU directive is a worthy ideal, but there is some concern its bureaucracy may have a detrimental effect on businesses. At a time when economies are stalling with every step forward, there is a real concern that an increase in operating costs caused by the directive could see EU businesses become less competitive than other international companies. Additionally, there is the worry that the EU approach will lack dynamism and won’t be able to respond quickly enough to cyber threats, which will lead to businesses being unsupported.
For the European Directive to have any hope of achieving its worthy aim, there will need to be a unified approach from all member countries and with the rest of the globe, in terms of regulation and data protection in particular. Should the directive in its pre-election format be rolled out, there is a danger that it will serve to thwart the fight for cyber security.