The European Union (EU) has issued a new directive that could lead to the winding up of businesses if they engage in or fail to prevent hacking attacks against rival companies.
According to the directive, the supranational body wishes to establish minimum rules defining criminal offences in the domain of cyber attacks in order to improve co-ordination between member states' law enforcement bodies and other international bodies such as Europol and ENISA.
This is an important step to boost Europe's defences against cyber-attacks.
The move comes in response to what the EU claims are an increasing number of cyber attacks within the EU that threaten member states' infrastructure and security, as well as their economic integrity.
With regard to companies, the directive states: "Member States shall take the necessary measures to ensure that legal persons (i.e. companies and groups) can be held liable for offences ... committed for their benefit by any person, acting either individually or as part of a body of the legal person, and having a leading position within the legal person."
This includes instructing employees to take part in hacking or hiring hackers to act on their behalf.
Suggested sanctions against companies include temporary or permanent exclusion from carrying out commercial activities, closure of the establishment used for the commission of the offence or a winding-up order.
However, the directive is not just aimed at companies engaging in corporate cyber espionage or sabotage. Individuals carrying out attacks, such as botnet masters, will also face fines or imprisonment.
In a statement, Cecilia Malstrm, the EU's commissioner for home affairs said: "This is an important step to boost Europe's defences against cyber-attacks.
"Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation."
