The European Parliament recently enacted a new directive to toughen the response to cyber-crime. Recognizing that attacks against information systems are a growing menace, the Directive requires EU member states to strengthen their criminal penalties against computer hackers, including harmonizing minimum definitions of the criminal conduct and enacting uniform, effective penalties of fines and/or mandatory imprisonment. The criminal penalties would apply to illegally accessing or interfering with information systems, illegally transferring data, illegally intercepting communications or intentionally producing and selling tools used to commit these offenses. The Directive also bolsters cybercrime response by establishing national points of contact who would be required to respond to urgent requests for assistance within eight hours. The Directive also states that member states should report cybercrime threat and offense information to Europol. The Directive supplements the 2005 Directive on information system attacks. The Directive must now be approved by the EU Council, which is expected to approve it. After approval, EU member states will have two years to enact the Directive's provisions into their national laws. Denmark has opted out of the Directive.

TIP: The new Directive suggests that there may be added resources in the future for companies who have suffered a cyber-crime event. In the meantime, entities that suffer a cybercrime in an EU jurisdiction may wish to contact Europol to increase the chance of a successful investigation and prosecution.