January 27, 2015

EU security legislation not understood by one-third of businesses

60% believe little guidance has been provided in the run-up to the NIS and GDPR legislation.

By Ellie Burns

Many European organisations are unprepared for, and challenged by, the cost and complexity of complying with new European Union security legislation.

Only 39% of respondents in France, Germany and the UK indicated that they have all the required measures in place for the NIS directive, and fewer still for GDPR.

The proposed NIS (Network and Information Security) directive is set to be implemented in 2015 and will impose new security and incident reporting requirements on a broader range of private sector companies.

The GDPR (General Data Protection Regulation) is also expected to be finalised in 2015, with compliance becoming mandatory in 2017.

"The past year has shown that breaches are inevitable as hackers continue to evade security, and the EU directives are an important step toward addressing these threats," said Richard Turner, VP EMEA, FireEye.

"Organisations need to ensure that they have the capabilities to detect, prevent, analyse and respond to breaches in a timely manner. The EU legislation — both the NIS directive and GDPR — promotes the adoption of capabilities to respond to and report breaches."

"While this is a positive step, organisations need to look beyond the EU directives and be prepared to launch an appropriate and proportionate response to a threat or breach in order to protect shareholder value."


Only 66% of respondents believe their organisations fully understand the impact of the new NIS and GDPR rules. This is consistent with the high proportion of organisations surveyed (66%) which say they have been given little or no clear guidance on the legislation.

Challenges cited as barriers to compliance included additional hardware and software expenditure (64%), implementation costs (58%) and policy complexity (56%).

Most organisations (62%) also expect members of their own IT department to take the lead in assessing the NIS and GDPR requirements.

"The new EU security and privacy requirements are incredibly important and will greatly increase the security obligations of European organisations," said Adam Palmer, International Government Affairs Director, FireEye.

"We encourage organisations of all sizes to adopt mitigation measures that will manage risk stemming from zero-day exploits and never-seen-before malware as these attacks constitute a majority of advanced attacks in today’s threat environment."

"However, our research does show that organisations are not fully prepared for the implementation of the legislation, and it is critical these organisations begin preparing now to be in compliance and not be caught unprepared."

The survey results were revealed in FireEye's "Mixed State of Readiness for New Cybersecurity Regulations in Europe" report. The survey, conducted by IDG Connect, polled 260 people from organisations based in France, Germany and the UK, each employing more than 500 staff.
