EU cyber security laws and regulations have come under heavy attack from Imperva. According to the Register, “The European Commission is asking for feedback on practical rules to ensure that anyone in Europe who has their private data breached will be told”.
Rob Rachwald, Director of Security Strategy at Imperva, who was unsparing in his criticism of what some cyber security experts have termed “pure madness”, said: “Governments are approaching cyber security laws and regulations in an over heavy-handed fashion. Hackers are, by definition, early adopters, and government and private industry require an organic approach which enables constant adjustment”.
Rachwald added: “Another key element to consider is providing both a prescriptive approach to complement any punitive measures. Today, most regulations, especially recent legislative proposals, emphasize only a punitive approach - a method that enables companies to game the system. They simply can risk a breach without having put in place the basic elements of cyberdefense. The industry's prescriptive method makes this much tougher.”
Rachwald reveals that his organisation has been dotting its i’s and crossing its t’s on the proposed collaborative approach between the government and the private sector. “At Imperva, we have been discussing the required collaboration between the government and the private sector in terms of cyber-crime,” he said. “But how about regulations? Before all breach disclosure laws kick in, the EU is requesting the private sector for their opinion on it: what works, what doesn't, how to apply etc. It even reminds me of PCI where the council consists also of customers and the regulation is changed every few years based on practicalities and feedback.”