The Commission has launched this consultation to help it prepare a legislative proposal on network and information security, which will be an important element of the upcoming EU strategy on Cyber security. Feedback received will help the Commission draw up an approach to possible future risk management and security breach reporting requirements that would affect businesses in particular. The consultation runs until 12 October 2012.
Cyber incidents are becoming more frequent. In 2011, web-based attacks increased by 36% over one year and there was a five-fold increase in companies reporting security incidents with a financial impact between 2007 and 2010 (5%-20%). And the risk is growing. In the next decade there is a 10% risk of a major Critical Information Infrastructure incident causing more than $250 billion in economic damage, according to the World Economic Forum.
Cyber incidents can be triggered by accidents like natural events, human errors, technical failures or by more sinister causes such as malicious attacks, economic espionage, terrorism and state-sponsored activity. They can also have serious consequences for society and the economy when affecting critical sectors such as finance, health, energy and transport and erode public trust for activities online in general.
This is also a global challenge since many cyber incidents and attacks originate outside the EU.