In response to the news that the European Parliament has voted for an overhaul of existing data protection laws, under which companies in breach of the regulation will face penalties of up to £100 million, Dwayne Melancon, chief technology officer at Tripwire, reacts:
“The new EU Directive has the potential to have a huge global impact because it applies to any organisation which operates in the EU, even if they are headquartered elsewhere in the world. Countries have been given two years to put the EU Directive into place and organisations should be using this time to tighten their security programs; ensure that incident detection and response processes are in place and effective; and harden their systems, applications, and networks to reduce the risk of breaches.
“The size of the fines connected with the Directive is so big they will definitely get the attention of CEOs and boards. It is incumbent upon senior business executives to seek clear answers about security risks from information security leadership to ensure appropriate steps are taken to enable compliance with this Directive before it takes effect.
“The Directive is an excellent reminder that adopting a recognised set of security controls can significantly accelerate the implementation of a reliable security strategy. Organisations looking to improve security practices can also access a wealth of practical information through peer groups such as sector-specific ISACs (Information Sharing and Analysis Centres), where they can share methods and practices to improve their chances of achieving strong outcomes for cyber security.”
Tripwire and the Ponemon Institute recently undertook research into different industries' preparedness in terms of the Directive. The results show that most industries are completely unprepared and therefore face extremely high fines if they do not get themselves in order.