21st Oct 2016

Customers still 'in the dark' on cyber crime, warns EU agency

Cyber crime worth billions of euros is going unreported because companies are failing to admit to security breaches, according to a paper released Tuesday (28 August) by the EU's internet security agency.

In "Cyber incident reporting in the EU" the European Network and Information Security Agency (ENISA) highlighted a series of regulatory gaps in EU cyber laws. In its conclusions, ENISA admitted that although "large outages and large data breaches receive extensive media coverage.... many breaches, however, remain undetected and if detected, are not reported to authorities and not known to the public."

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

  • Cyber-crime worth billions is going unreported, says the EU's internet agency (Photo: *n3wjack's world in pixels)

The report highlighted five major cyber incidents which all went unreported, including an 'IP hijacking' case in April 2010 where China Telecom fed incorrect routing information instructing US and other international Internet traffic to feed through Chinese servers, swallowing 15% of global Internet use in less than 20 minutes.

In a press statement accompanying the report, co-authors Dr Marnix Dekker and Chris Karsberg admitted that “cyber incidents are most commonly kept secret when discovered, leaving customers and policymakers in the dark about frequency, impact and root causes.”

Commenting that the "lack of transparency and lack of information about incidents makes it difficult for policy makers to understand the overall impact", the report added that this, in turn, "complicates the effort in the industry to understand and address cyber security incidents."

Under the EU Telecoms directive adopted in 2009, service providers are required to report "all significant security breaches" to ENISA and national data supervisors. Meanwhile, provisions of the recently adopted e-privacy directive requires service providers to report all security lapses compromising personal data.

ENISA revealed that it had received 51 incident reports for 2011-2012, the first year of mandatory reporting requirements, saying that it would publish an overview of cyber-security breaches in September and annual reports from spring 2013 onwards.

However, the data was incomplete, with a number of member states yet to implement the directive in to national law, it said. ENISA executive director, Professor Udo Helmbrecht insisted that EU cyber policy should extend the reporting provisions for companies describing it as "essential to obtain a true cyber security picture."

A Eurobarometer in July revealed that one in ten Europeans had been victims of data theft, while online security firm McAfee estimated that cyber-crime cost businesses $750bn (€600bn) in lost income across the world in 2011.

EU Digital Agenda Commissioner Neelie Kroes has repeatedly promised plans for a detailed cyber security strategy, including a European Cyber-Crime Centre based in Europol's Dutch headquarters which will start work in 2013. Speaking in January at the World Economic Forum, Kroes called for concerted action on cyber-crime claiming that there was a 10% chance of a major break-down of the worldwide computer network.

News in Brief

  1. Canada and Wallonia end talks without Ceta deal
  2. Juncker hopes for Canada accord in 'next few days'
  3. Romania drops opposition to Ceta
  4. Difficulties remain on Ceta deal, says Walloon leader
  5. Brexit could lead to 'some civil unrest' in Northern Ireland
  6. ECB holds rates and continues quantitive easing programme
  7. Support for Danish People's Party drops, poll
  8. Spain's highest court overturns Catalan ban on bullfighting

Stakeholders' Highlights

  1. EFADraft Bill for a 2nd Scottish Independence Referendum
  2. UNICEFCalls on European Council to Address Plight of Refugee and Migrant Children
  3. ECTAJoin us on 9-10 November in Brussels and Discover the new EU Digital Landscape
  4. Access NowCan you Hear me now? Verizon’s Opportunity to Stand for Global Users
  5. Belgrade Security ForumMeaningful Dialogue Missing Not Only in the Balkans, but Throughout Europe
  6. EASPDJoin the Trip! 20 Years on the Road. Conference & Photo Exhibition on 19-21 October
  7. EuropecheEU Fishing Sector Celebrates Sustainably Sourced Seafood in EU Parliament
  8. World VisionWomen and Girls Urge EU Leadership to Help end Gender-based Violence
  9. Dialogue PlatformIs Jihadism Blind Spot of Western Intellectuals ? Wednesday 26 October
  10. Belgrade Security ForumGet the Latest News and Updates on the Belgrade Security Forum @BelSecForum
  11. Crowdsourcing Week EuropeMaster Crowdsourcing, Crowdfunding and Innovation! Conference 21 November - 10% Discount Code CSWEU16
  12. EJCEU Parliament's Roadmap for Relations with Iran a Massive Missed Opportunity

Latest News

  1. Dieselgate MEPs ask colleagues to 'reject status quo'
  2. Ceta failure deepens EU trade policy crisis
  3. Poland buttonholes Juncker on Russian pipeline
  4. Dieselgate: German environment officials 'heard only rumours'
  5. Wallonia still refuses to buy the Ceta "cat in a bag"
  6. Women shake Poland's pillars of power
  7. Malta, Latvia, and Hungary top EU obesity charts
  8. British PM asserts her role in EU 'nest of doves'