Large companies based in the European Union should be required to report hacker attacks the victims of which they become. This reporting obligation is included in a new proposal of a European Commission directive announced by the European Commissioner for the Digital Agenda Neelie Kroes in early February. The directive should address "sectors using telecoms networks in ways vital to the European economy and society" - i.e. mainly companies operating in the energy, transportation, banking, healthcare and the Internet industry. In total, this should be more than 40,000 companies with the exception of hardware and software vendors.
Brussels expects the Member States to come up with plans to improve the management of cyber risks and to establish local centers of cyber security to process the reports. At the EU level, a central authority will be created to respond to the possible threats.
Neelie Kroes argues that only a minimum of companies inform publicky about hacker attacks because they are afraid of damaging their reputation and losing their customers. Each attack, however, costs between several thousand to several million of euros. In 2012, 90% of large Companies and 76% of small companies were victims of a hacker attack.
-kk-