The European Union (EU) has issued a new directive that could lead to the winding up of businesses if they engage in or fail to prevent hacking attacks against rival companies.
According to the directive, the supranational body wishes to establish minimum rules defining criminal offences in the domain of cyber attacks in order to improve co-ordination between member states' law enforcement bodies and other international bodies such as Europol and ENISA.
This is an important step to boost Europe's defences against cyber-attacks.
The move comes in response to what the EU claims are an increasing number of cyber attacks within the EU that threaten member states' infrastructure and security, as well as their economic integrity.
With regard to companies, the directive states: "Member States shall take the necessary measures to ensure that legal persons (i.e. companies and groups) can be held liable for offences ... committed for their benefit by any person, acting either individually or as part of a body of the legal person, and having a leading position within the legal person."
This includes instructing employees to take part in hacking or hiring hackers to act on their behalf.
Suggested sanctions against companies include temporary or permanent exclusion from carrying out commercial activities, closure of the establishment used for the commission of the offence or a winding-up order.
However, the directive is not just aimed at companies engaging in corporate cyber espionage or sabotage. Individuals carrying out attacks, such as botnet masters, will also face fines or imprisonment.
In a statement, Cecilia Malstrm, the EU's commissioner for home affairs said: "This is an important step to boost Europe's defences against cyber-attacks.
"Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
Crackdown on crypto needed to curb cyber crime, says expertNews Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
-
The gratitude gapWhitepaper 2023 State of Recognition
-
UK gov invites experts to contribute to its overhauled AI regulatory approachNews The new approach will not adopt the EU's centralised model and sits alongside the National AI Strategy and Data Protection and Digital Information Bill
-
UK government opts against regulation for cyber security standardsNews UK Cyber Security Council will move ahead with its planned chartered standards, with the government to monitor its adoption
-
Encryption battle plays out in Australian ParliamentNews The opposition said that the government is “addicted to secrecy”
