EU takes action on cyber-security

The European Union (EU) has reached an agreement on new legislation which will improve cyber-security across all member states. The European Commission proposed the directive in 2013 and an agreement on its content was reached by the EU Council of Ministers and the European Parliament on 7th December.

The Commission is keen to ensure a high common level of network and information security (NIS) in the EU but recently our computer information systems have been affected by an increasing number of security incidents. The new rules will:

  • improve cybersecurity capabilities in Member States
  • improve Member States’ cooperation on cybersecurity
  • require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services like search engines and cloud computing, to take appropriate security measures and report incidents to the national authorities

The text of the directive will now be formally approved by the European Parliament and the Council. After that it will be published in the EU Official Journal and will officially enter into force. Member States will have 21 months to implement this Directive into their national laws and 6 months more to identify operators of essential services.

The Commission said it would launch a public-Private partnership on cybersecurity in 2016,as announced in its Digital Single Market strategy published in May this year.

Meanwhile, the Committee on Payments and Market Infrastructures (CPMI) and the Board of the International Organization of Securities Commissions (IOSCO)  has released a consultative paper, Guidance on cyber resilience for financial market infrastructures , 

The CPMI said that as financial market infrastructures (FMIs) play a critical role in promoting the stability of the financial system the cyber risks they face, and their level of readiness to effectively deal with worst case scenarios, have been considered top priorities by industry leaders and authorities alike. The Guidance aims to add momentum to and instill international consistency in the industry’s ongoing efforts to enhance FMIs’ ability to pre-empt cyber attacks, respond rapidly and effectively to them, and achieve faster and safer target recovery objectives if they succeed.

Mr Greg Medcraft, Chairman of IOSCO, added: “The proposed Cyber Guidance is the culmination of extensive collaboration between IOSCO and the CPMI. It reflects an urgency to address the increasing risks that cyber threats pose to FMIs and financial stability, as well as the need for a coordinated approach. At the FMI level too, cyber resilience cannot be achieved by individual institutions alone in our highly interconnected financial sector. The broader ‘ecosystem’ needs to work in unison. The Guidance calls upon the ecosystem to do just that. We hope to collaborate with all stakeholders to meaningfully enhance the cyber resilience of our financial system as we refine these proposals and later implement them.”

The consultative report is available on the websites of the Bank for International Settlements and IOSCO. Comments on the report should be submitted by Tuesday 23 February 2016 via e-mail to both the CPMI Secretariat and the IOSCO Secretariat.

Manifest’s research has found that UK’s  largest companies still need to do more to combat the risks posed by cyber attacks and that investors need to monitor companies to ensure they are taking these risks seriously. For a copy of this research email

Leave a Reply