A recent Linklaters report identified a 50% increase in large data breach incidents over the last three years. Last year, high profile cyber security incidents included the access by hackers to around 30 million Facebook accounts and the breach of security involving 500,000 Google+ accounts. These cases tend to have an increasing impact on the stock price/valuation of the relevant companies and the tenure of senior management.
In 2018, many countries have adopted new provisions regarding cyber security. EU Member States were due to transpose the NIS Directive by 9 May 2018 and identify the covered operators of essential services by 9 November 2018. Asian countries including China, Singapore and Vietnam, adopted cyber security legislation, while others such as India and Australia adopted (amendments to) data protection rules with cyber security implications.
In the EU, the NIS Directive and other instruments support strategic cooperation and exchange of information among countries through the creation of a cooperation group and a network of computer security incident response teams. A political agreement was reached on the cyber security act in December 2018, aiming to strengthen the European Union Agency for Network and Information Security by granting it a permanent cyber security mandate and allocating more resources to it. It also creates a framework for European Cyber Security Certificates for products, processes and services that will be valid throughout the EU.
Cybercrime is not limited to lone wolf and financially motivated crimes. A range of state actors worldwide also engage in cyber warfare, be it for political and/or strategic objectives or for financial motives.
An increasing number of countries outside of the EU are aligning their data privacy laws on the EU model, including the introduction of mandatory data breach notifications (rendering cyber security incidents more visible) and increasing fines. For example, New York’s Stop Hacking and Improve Election Data Security (SHIELD) Act, intended to modernize New York’s current data privacy laws, is pending before the New York legislature.