For our friends and colleagues who do business or are planning to do business abroad, here are a few "bits and bytes" from this afternoon's "Cybersecurity Goes Global" presentation at the International Association of Privacy Professionals ("IAPP") Summit in Washington, D.C.
Key Developments: Similar to the US's recently released "Framework for Improving Critical Infrastructure Cybersecurity" ("FICIS"), the European Union ("EU") recently issued and is actively working to adopt a uniform framework for its 28 member countries. As in the US, the EU faces challenges in creating a framework that is cost-effective and incentive-driven. However, the EU faces unique challenges as it seeks to harmonize the laws of 28 sovereign states with different concerns and levels of preparedness.
On the Horizon: Though the EU Cybersecurity Strategy has been issued and recommended, it still requires formal adoption by the Council of Ministers and European Parliament. The initial target for adoption was 2015; however, with upcoming Parliament elections and the sheer volume of work that needs to be done bringing EU member countries together, many are predicting that final adoption likely will not occur for several more years.
Unique Concerns: The Panel reminded us that, when doing business internationally, we need to be especially mindful that cyber risks are much broader than identity theft, and that a company's cybersecurity is only as strong as its weakest link. The international community is seeing more and more instances of cyber malfeasance committed to harm people and corporations, as opposed to committing simple fraud. Moreover, many of the most harmful cyber incidents of late resulted from failings of third-party vendors, which often lack the resources or incentives to implement the security precautions mandated by the owner of the data.