EU proposes new cybercrime reporting rules

European cybercrime centre
Image caption,

A European cybercrime centre was opened in The Hague last month

Over 40,000 firms, including energy providers, banks and hospitals could be required to report cyber-break-ins under new rules proposed by the EU.

It is part of a move to intensify global efforts to fight cybercrime.

Digital agenda commissioner Neelie Kroes said that Europe needed to improve how it dealt with cybersecurity.

But firms are concerned that reporting online attacks and security breaches might damage their reputations.

Many breaches

The EU is keen that member states share information about attacks and shore up their cyber-defences.

Under the proposals, each country would have to appoint a Computer Emergency Response Team and create an authority to whom companies would report breaches.

These new bodies would decide whether to make the breaches public and whether to fine companies.

Media caption,

Kaspersky Lab's David Emm said companies should not be embarrassed by intrusions

Announcing the changes, Ms Kroes said: "Europe needs resilient networks and systems and failing to act would would impose significant costs on consumers, businesses and society."

According to the EU, only one in four European companies has a regularly-reviewed, formal ICT security policy. Even among ICT companies, the figure is only one in two, it said.

A recent study by accountants PwC suggested that three quarters of UK small businesses, and 93% of large ones, had recently suffered a cybersecurity breach.

Related internet links

The BBC is not responsible for the content of external sites.