In February 2013, the European Commission (EC) published a proposed Directive on Network and Information Security alongside a wider cyber security strategy. Our Law-Now on this development can be found here.
The general driver for the proposed Directive is a concern that EU businesses are losing valuable intellectual property through cyber crime and an aspiration to promote a safe online environment, in accordance with wider EU trade principles.
The proposed Directive suggests:
- that each Member State should produce a national cyber security strategy and establish a Computer Emergency Response Team (CERT) and a competent authority for cyber security;
- information sharing between Member States, as well the creation of a pan-EU cooperation plan and early warnings for cyber incidents; and
- compulsory reporting of security breaches that have a significant impact on the provision of core services to a ‘national competent authority’ that would enforce the Directive. Sectors that this would apply to include: public administration; the finance, energy, transport and health sectors; and ‘enablers of internet society services’, such as app stores, cloud service providers, social networks and e-payment providers.
The Directive can be accessed here.
To support their understanding of the cyber risk insurance market, the EC has prepared a questionnaire and invited responses from insurance providers which sell cyber-related products. This questionnaire can be accessed by clicking here.
Insurance Europe, the European insurance trade body, will be responding to the survey on behalf of national trade bodies. The Association of British Insurers and Lloyd’s of London have requested responses to this survey by tomorrow, Thursday 18 July so that they can feed into the Insurance Europe response. If you would like to respond to the survey, please email your responses here.