A large number of Irish company directors remain unaware that they can be held personally liable if gross negligence can be proved following a cyber-security incident, under new EU rules due to be implemented soon, according to the Institute of Directors (IoD).
In a report published today, it said that 41pc of directors aren’t aware of the personal responsibility in relation to the new rules.
The new rules, under the European Union’s NIS2 directive, seek to attain a high common level of cyber security across the trading bloc.
The EU’s cyber-security rules that were first introduced in 2016 were updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cyber-security threat landscape.
Businesses identified by member states as operators of essential services in sectors such as energy, transport, water, banking and financial market infrastructures, will have to take appropriate security measures and notify relevant national authorities of serious incidents.
Key digital-service providers – such as search engines, cloud-computing services and online marketplaces – will have to comply with the security and notification requirements under NIS2.
“It is the responsibility of all directors to ensure they have the necessary skills and knowledge to deal with risks to their organisation and ensure compliance with all necessary cyber-security regulations,” noted IoD Ireland chief executive Caroline Spillane.
Ireland’s National Cyber Security Centre (NCSC) estimates that NIS2 will apply to more than 3,000 Irish organisations, with expanded cyber-compliance requirements. But the IoD survey found that nearly 84pc of Irish senior leaders do not fully understand these new EU rules, which are to be implemented by the Government as soon as possible.
The findings were released ahead of the IoD’s ‘Leading in Governance’ conference, which is taking place later today in Dublin.
The survey also found that 36pc of directors now cite artificial intelligence as a key tool for improving operational efficiency and driving business competitiveness.
It found that 26pc are experimenting with the use of generative AI, while 28pc of IoD members are most concerned about data leakage in relation to AI.
The NCSC recommends that no organisation hands over money following a ransomware attack – and the survey also found that 38pc of directors agreed that their organisation has made a decision not to pay hackers in the event of any ransomware attack.
However, 37pc of respondents were not clear on whether their organisation had made a decision on paying ransomware demands.
Source link : http://www.bing.com/news/apiclick.aspx?ref=FexRss&aid=&tid=6719aa73450146ab968f16007b25e0c3&url=https%3A%2F%2Fwww.independent.ie%2Fbusiness%2Fdirectors-unaware-of-their-personal-liability-under-eus-new-cyber-directive%2Fa1314000253.html&c=2237800350066503072&mkt=de-de
Publish date : 2024-10-23 17:30:00