A new cyber security plan by the European Union has made it mandatory for businesses run by member states to report incidences of cyber attacks directly to a central authority.
It is hoped the new rules will help find solutions to the ever-growing Internet insecurity, though critics argue it could hurt businesses and make it hard to adapt to newer cyber threats.
The new plan, which was adopted yesterday to minimise disruptions caused by attacks, means that a number of companies that are now cross-owned, such as Apple, Facebook, Google and Amazon, will have to report any such attacks. Others include Twitter, Microsoft, LinkedIn, WordPress, Picasa and DropBox.
Among those also affected by these rules are Web companies and critical infrastructure companies in sectors such as transport, banking healthcare and energy.
The rules are part of a five-point prioritised strategy the regional bloc says will help establish a coherent international cyberspace policy promoting the blocs core values, developing industrial and technological resources for cybersecurity and achieving cyber resilience.
The strategy is also aimed at developing a cyberdefence policy and capabilities relating to the Common Security and Defence Policy (CDSP), and above all slash cyber crime.
The guidelines that are to come in effect in the next one-and-a-half years are further expected to strengthen the European Network and Information Security Agency (ENISA) by keeping it on top of issues on the growth and advancements of attacks.
The rules have been met with various reactions with those opposing them, with Randy Abrams, a research director at NSS Labs, saying they could “stifle innovation”.
Other critics observe the disclosures could affect the timely response of attacks, thereby leading to increased threats to organisations.