In the past two years, 80% of European businesses have been targeted in cyber attacks. Given the prevalence of such attacks, the Chamber of Deputies passed legislation to increase cyber security.
Globally, the costs of cyber attacks run up to more than €400 billion per year. On Wednesday, Luxembourg's Chamber of Deputies unanimously approved a draft bill concerning information system security. Specifically, the draft bill concerned applying an EU directive to Luxembourg's legislation.
In presenting the project, rapporteur Eugène Berger (Democratic Party) reminded his colleagues that Luxembourg is not an island safe from the risks of cyber crime. He highlighted that there were 12 businesses which required help in cyber crime incidents and proclaimed that the Chamber of Deputies had not been exempt from attacks either.
The draft bill entails uniform rules for both digital service operators and suppliers. Berger added that these operators and suppliers will have to take all necessary precautions to best protect their systems. In case of a cyber attack, those offering digital services must report the attacks to the relevant authorities. In the financial industry, that authority is the CSSF, the supervisory and regulatory institution for the financial sector. The Luxembourg Regulatory Institute (ILR) is responsible for other sectors, included the energy, transport, and postal sectors.
Whilst MPs unanimously passed the legislation, there remained certain criticisms from members of the opposition. The Pirate Party's Sven Clement pointed out that MPs were to vote on legislation without knowing which businesses would be affected by the draft bill. He deplored the lack of clarity as it could have an impact on the local economy, regardless of how good the draft bill's text is.
Clement's point notwithstanding, MPs were in agreement concerning the importance of the directive in both the economic impact of cyber crime and the increasing importance of digitalisation in society.