ViewPoint: If GDPR non-compliancy is punishable, should readiness be rewarded?

Cyber security expenditure is proving costly for European organisations. So is cyber security regulation. Tax credits for companies with proven GDPR compliance would offset the overhead, suggests James Hayes.

One of the more striking points that will emerge from a review of cyber security characteristics in the Netherlands is that country’s state-level commitment to the criticality of cyber security to both economic stability and economic attractiveness. It’s a commitment that’s hardwired into many articles of the Dutch state legislature. This admirable stance is one that all nations should study and be influenced by.

Despite their wealth, European economies rely heavily on investment coming in from far beyond their borders. Such funds – be they in renminbi, real or rupee – look for a fully assured return on investment – a return that will not be compromised or diminished because of successive cyber crime activity.

Experts often refer to the ‘evolution’ of cyber threats; in fact, in many instances, threats are not so much evolving as devolving. I call it metamorphis (not really a proper word, I know – please don’t email): by it I mean that threats have changed shape, have become more automated.

Attacks that used to be perpetrated by human agents are now perpetrated by software entities. These nimble massed-attackers have now developed to become largely self-managed, and – according to some industry commentators – largely out of control. Expect this automated threat to worsen when your Black Hatted foes deploy Artificial Intelligence tools.

The rise of malicious bots provides ample insight into the direction this challenge has taken. They proliferate and spread and prevent Europe’s economies from achieving their fullest potential. They infiltrate and de-energise digital processes that should be enabled to boost common prosperity.

Europe needs innovative new initiatives that will bring much-needed continuity to the good cyber fight. Forms of tax credit for companies that have proven compliance with IT security and data protection legislation, such as GDPR, for instance, could be implemented across states where the regulation applies.

Such a scheme would demonstrate continuity of purpose among European states and organisations. It would also act as a message of support from states toward responsible organisations that have spent billions of their funds to secure themselves against threats that, arguably, governments should have tackled more head-on years ago.

James Hayes is Managing Editor of Cyber Security Europe.