With the wave of cyberattacks that hit many European companies in the past few years, European cybersecurity has become a priority for EU governments.
One recent case that comes to mind is that of a Denmark-based shipping company which lost a whopping $250 million in business income after the global NotPetya ransomware attack affected thousands of victims. The system shutdowns left some of its shipping terminals around the world unable to operate, and took over two weeks to fix, resulting in significant interruption to its normal business operations.
Another notable cyber case involved a UK bank that was held liable by the Financial Services Authority for inadequate systems and controls that led to a serious IT incident. Account holders faced disruptions for up to two weeks after a faulty software upgrade. Customers were unable to use online banking facilities to access their accounts and other services, which consequently resulted in the imposition of a large penalty on the company. An accounting provision amounting to $203.3 million was reserved to cover the response costs, investigations, penalties, customer compensation, and other resulting expenses.
These are just two concrete examples of European cybersecurity breaches demonstrating how vulnerable the regions organizations are to online fraud of catastrophic magnitude. This is especially true now with the majority of the region’s industries relying on digital technologies and business models depending heavily on online transactions.
Amid the series of of cyber incidents including the Wannacry ransomware attack, the NotPetya incident, and the Macron campaign hack in 2017, the European Commission is stepping up its efforts to better protect Europeans online. The implementation of new cyber and data privacy regulations this year such as the EU General Data Protection Regulation (GDPR) and the EU Network and Information Security Directive are indeed a timely response given the European cybersecurity losses that occurred in recent years.
This year, the European Commission continues to acknowledge the vulnerability of organizations to cyberattacks, coming up with proposals to strengthen cybersecurity with initiatives like having a blueprint on how to respond to large-scale cyberattacks. It also set aside funding for a European Cybersecurity Research and Competence Centre which will be joined by network of similar center at member state level.
In the area of FinTech, the EU’s goal as indicated in its draft is to:
“harness rapid advances in technology to the benefit of the EU economy, industry and citizens and to foster a more competitive and innovative European financial sector”.
By the looks of it, the European Union is not leaving any stone unturned in order to ensure that market participants and regulators improve cooperation to fight cyber criminals.
If you’d like to learn more about recent cyber losses in the EU, check out my compilation of Notable European Cyber Losses from 2011 2017.