Follow Us

Follow us on Twitter  Follow us on LinkedIn
 

22 March 2016

ECIIA: Governance gap in Europe’s cyber laws


ECIIA says that Europe’s current legislation on cybersecurity does not include robust corporate governance processes to help businesses manage cyber risks across their operations.

ECIIA calls on the EC to develop legislation and guidance frameworks to promote integrated, cross-departmental approaches to manage cyber risks, in its response to the body’s recent consultation exercise. It says a wide range of partners within organisations need to co-ordinate their efforts in this area including compliance, finance, human resources, internal audit, IT and legal functions.

“There is a real gap in this area that needs to be plugged,” Henrik Stein, ECIIA President, says. “Without joined up thinking and action on cyber security, businesses are at greater risk than they should be.”

He says that senior management should track and report on the business impact of cyber threats and all risk management activity. “For its part, internal audit evaluates the effectiveness of cyber threat risk management and reports to the audit committee and board on these issues,” he adds.

ECIIA recognises that organisations that operate in multiple jurisdictions face additional problems because reporting requirements remain unharmonised. It says there is a case for developing global best practice and standards to help corporations monitor their global reporting on cyber security and risk effectively.

Full response



© ECIIA


< Next Previous >
Key
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information



Add new comment