This year’s World Economic Forum (WEF) was held in Davos in January and hosted world leaders concentrating on economic issues. Prior to this annual meeting, a 103-page Global Risk report was produced to identify the major concerns threatening the world’s economies, including climate change, food crises and weapons of mass destruction.

Many industries are going through what is deemed the fourth industrial revolution. The maritime industry is shifting to advanced technologies to help drive smart and intelligent shipping; these provide very exciting and innovative opportunities and are the biggest advance in maritime operations since the advent of the steam engine. Yet these technological advancements bring major concerns in terms of cyber dependency, cyber risks and threats.

Cyber attacks have emerged as the most serious threat to North America. The frequency and volume of threats have increased to such alarming rates that they have become worldwide news, such as the recent data breaches at Target, the Office of Personnel Management, Anthem and Ashley Madison.

Public and private companies have become more vulnerable to cyber attacks as established IT security controls are now failing to protect the current systems. Many companies are not moving quickly enough to new technologies, often because of cost and time constraints. As a result, cyber attacks have been deemed the greatest threat and concern to eight global economies – the USA, Germany, Estonia, Japan, Holland, Switzerland, Singapore and Malaysia.

This means that it is highly important that cyber attacks become an urgent boardroom debate; they are no longer an IT problem, but a whole company problem.

Cyber risks put the regulatory frameworks under pressure as they adapt to these new high frequency and high risk economic threats. The European Commission has finally agreed the EU Data Protection reform, which consists of two parts: the General Data Protection Regulation and the Data Protection Directive. Each member state will start to formally adopt the new regulation from the beginning of 2016 and then a two-year transition phase will follow.

So what does this new General Data Protection Regulation mean for you and your business?

  • Companies that fail to comply with the new regulation could face regular data protection audits, a warning and then a possible fine of up to €20m or 4% of annual worldwide turnover
  • Right to Erasure - meaning that a person has the right to request the erasure of personal data
  • Data Deletion - meaning that data should not be kept longer than needed and should then be destroyed
  • Data Portability - meaning that a request for a copy of personal data should be possible
  • Data Breach Notification becomes mandatory, within 72 hours of discovery, to the national Supervisory Authority, with notification to individuals "without undue delay"
  • Joint Liability protection - meaning if you use cloud services you and the provider are jointly liable
  • A Data Protection Officer must be appointed by all companies that process data on Europeans, if the company employs more than 250 staff or has revenues above €50m

Please click below to view a white paper on Maritime Cyber Security issued by ESC Global Security.

white paper

Source: ESC Global Security