A conference on cyber crime has been told that Irish companies should be prepared for a new European cyber security policy which will become law next month.
The Network Information Security (NIS) directive sets new security standards. Organisations have 21 months to comply or potentially, in the event of a breach, face fines up to €10m or 2 % of global turnover.
Both pieces of legislation include mandatory breach notification, which means that organisations need to be able to detect, scope, and report a breach to the competent authority within a short period of time. Estimates of global financial losses due to cyber crime are at least €350 billion a year and are expected to reach €1.89 trillion by 2019, according to the executive agency for SMEs at the European Commission. It is estimated that cyber crime has led to the loss of up to 150,000 jobs in Europe.
The potential "eye-watering" fines were not for being breached, but for not being prepared for the new directive.
While research shows organisations Europe-wide are not yet fully prepared to implement the new EU legislation, the impact of a European cyber regulation landscape is also now hampered by confusion about the involvement of a post-Brexit Britain in ensuring uniform standards and collaboration. Compliant Irish businesses will be more attractive to global customers looking for high cyber security standards in an English-speaking country. It is estimated that the new NIS directive will add €500 billion to the GDP of Europe, and, in a post-Brexit era, this is most appealing and viable for Ireland to take advantage of.
The conference was told that the new EU laws were expected to have a positive effect on the growth of cloud-based services and related sectors, and, despite Brexit, would bring opportunities for the Irish tech sector.
The conference heard that Irish individuals and businesses are excessively vulnerable to cyber crime because of slack security at even the most basic level, according to a 2015 Eurobarometer Report by the European Commission. In the survey from March last year, 57 % of Irish people admitted to opening e-mails from people they don’t know. Only 26 % of Irish internet users said they regularly changed their passwords and 75 % of Irish surveyed use the same password across different sites and online services.
Victims of cyber crime here were slightly above the EU average, with 9 % of Irish internet users having been the victims of identity theft and 10 % of Irish internet users falling victim to bank card or other online banking fraud.
The conference also discussed a growing scam hitting Irish tech companies where the chief executive is contacted by a cyber security student or researcher, claiming to have inadvertently compromised the company’s network. They prove this by supplying portions of the administrator password or other crucial detail. They then offer their services to work remotely for up to €15,000 a month to advise the firm on security so beware !
PaycheckPlus – Making Payroll Easy!
For information and assistance on processing payroll for employees, call +353 (0)41 98 92 100 or Request a callback from our Payroll Team today.