Firms in Britain will be forced to publicly declare data breaches after stern legislation on cyber security was approved by European lawmakers.
The landmark changes could lead to companies being sanctioned if they fail to report online crime to the authorities. The move follows a growing number of attacks, including the well-publicised hacking of telecom firm TalkTalk.
Personal details of almost 157,000 TalkTalk customers, including 15,000 bank account numbers, are thought to have been stolen in October.
Andrus Ansip, president for the digital single market on the European Commission, said in a statement to CityAM: “The internet knows no border – a problem in one country can have a knock-on effect in the rest of Europe.
“This is why we need EU-wide cyber security solutions.
“The agreement is an important step in this direction, but we cannot stop here.
“We plan an ambitious partnership with the industry in the coming months to develop more secure products and services.”
Under the new Network and Information Security Directive (NISD), firms in some ‘key sectors’ will have to ensure they are attack-proof.
Each EU member state will determine which companies fall within those sectors, but they are likely to include energy, transport, banking, finance, health and water.
Internet companies like Google and Amazon were also mentioned as likely to be included.
But while it may be welcomed by customers, head of security at CGI, Andrew Rogoyski, believes the move will have ‘huge implications’ for the cyber security of big companies, adding: “The obligation to publicly declare a breach will send shivers up the spines of chief executives everywhere.”