With the rise of computer security issues and the need to protect the data collected on users of online services, digital companies can face attacks that tremendously impact the privacy of their clients. Who does not remember the Sony hack of December 2014, which caused personal problems for many of the firm's employees?
Hence the desire for a future European directive that would force these new technology companies to report any cyber attack on their systems. An idea that does not please everyone!
The idea was already to force companies working in sensitive sectors such as energy, health, transportation, finance, telecommunications, water supply … to establish a minimum level of computer security so that the data they house can be protected. This directive, called NIS (for Network and Information Security), also requires these companies to report any attack, intrusion or data loss.
But since then, it appears that the backers of this law have realized the risks posed by the huge volumes of data stored within digital enterprises. Data that can sometimes result in huge financial losses when it ends up in the wild following an effectively executed computer attack.
The problem is that right now in France, no legislation obliges companies that fall victim to these attacks (except electricity, water and telecommunications companies) to publicly disclose the major problems they have encountered. Thus, the authorities and the general public remain unaware until the stolen data is used maliciously by hackers …
Requiring digital companies to disclose the cyber attacks they encounter could therefore help fight these attacks in a more efficient and transparent way, could it not?
An obligation that unfortunately scares some companies unaccustomed to disclosing such disturbing and damaging information. Some even fear that this type of directive could harm their competitiveness against other companies.
It would nevertheless be fitting for users to be able to choose, in full knowledge of the facts, the digital services they wish to sign up for, by being able to know whether their stored data has potentially been corrupted or stolen by hackers. In the end, such a disclosure requirement would be, I think, beneficial to all, both for companies and for their customers.