Firms warned of EU cyber security fines

A large number of Irish firms will be liable for multi-million euro penalties if they fail to comply within 21 months with new EU-wide cyber security rules due to come into effect next month.

The EU has moved to update and improve the preparedness of businesses to deal with cyber attacks and prevent breaches, as global estimates put the cost of cyber crime at €350bn and set to rise to €1.89tn by 2019.

As part of its efforts to counter the growing threat to business, a new cybercrime policy, the Network Information Security (NIS) directive, will come into force in August.

Under NIS, businesses classed as either essential service providers or digital service providers (DSPs) must adopt the requirements of the directive within 21 months of August 2016 or face fines of up to €10m or 2% globally.

Essential service providers are organisations active in critical sectors such as energy, transport, health and finance.

Digital service providers refer to online marketplaces, search engines and cloud services. A separate set of rules — the General Data Protection Regulation (GDPR) — also allows for potentially larger fines of €20m or 4% of global turnover.

“Be prepared, not scared is the message in relation to the new EU legislation on privacy and security. The eye-watering fines of up to €20m are not for being breached, but are for not being prepared,” International Cyber Threat Task Force president Paul C Dwyer said yesterday.

The confusion the UK’s Brexit vote has caused could play into Ireland’s hands if we can show a clear and comprehensive cyber policy has been adopted in the EU’s soon-to-be sole English-speaking country.

This could land Ireland a larger slice of the multi-billion windfall that adoption of NIS is expected to yield.

“It is estimated that the new NIS directive will add €500bn to the GDP of Europe, and, in a post-Brexit era, this is the most appealing and viable [option] for Ireland to take advantage of.

“The UK is now essentially a ‘No Man’s Cloud land’, so operators and, more importantly, global customers are unsure what this means in relation to the security and compliant hosting of their data.

"Hence the massive opportunity for Irish providers to instill confidence and bring clarity and comfort to customers hosting and protecting their data” Mr Dwyer said at a briefing in Dublin yesterday for members of Ireland’s cyber task force which includes Ryanair, Vodafone, ESB Networks and Virgin Media among others.

Attendees also heard how ransomware attacks are becoming so common that businesses are attempting to expense them.


It still surprises me as I am achingly private and do not enjoy being at the centre of attention.This Much I Know: Actor Aislin McGuckin

Bride Geraldine O’Donovan felt as wonderful as she looked on her big day — knowing she was supporting a cause close to her heart as she donned her wedding gown.Wedding on the Week: Supporting a cause close to their hearts

I did my Leaving Cert in June and have just started college this week, so my school experience is extremely fresh in my memory. I went to Davis College in Mallow and it was a fantastic experience. I was the loud obnoxious child at the back of the classroom from day one. I had to (and still do, by the way) have an opinion on everything.Stand up and be counted : The Young Offender's Demi Isaac Oviawe on college and school life

When I was in secondary school I started working part-time as a waitress and I suppose I caught the hospitality bug back then.You've been served: General manager at Inchydoney Island Lodge & Spa Caitriona O’Keeffe

More From The Irish Examiner