• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents

2

Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich

3

Current price of oil as of July 13, 2026

1

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents

2

Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich

3

Current price of oil as of July 13, 2026
CommentaryCybersecurity
Europe

How Companies Should Prepare For Europe’s New Cybersecurity Rules

By
Peter J. Beshar
Peter J. Beshar
Down Arrow Button Icon
By
Peter J. Beshar
Peter J. Beshar
Down Arrow Button Icon
August 3, 2016, 1:00 AM ET
European union and hacking, illustration
European union map showing the threat of hacking, illustration.ANDRZEJ WOJCICKI — Getty Images/Science Photo Library RF
Add Fortune on Google for similar content.

Peter J. Beshar is executive vice president and general counsel of Marsh & McLennan.

Cyber breaches have dominated the headlines in the United States, with public companies, government agencies, universities, and now even political parties reporting attacks. No sector has been spared. Gazing across the Atlantic, however, the landscape appears dramatically and blissfully different. Virtually no large European company has publicly acknowledged a cyber breach. Is there an Iron Dome or magnetic force field protecting Europe against cyber attacks?

Sadly not. Cyber attacks are occurring across Europe every day. The fundamental difference is that the U.S. has 47 state laws mandating the public disclosure of cyber attacks. Up until now, Europe did not. One possible consequence is that the time lag between a cyber intrusion and the detection of that incident is nearly three times longer in Europe than the rest of the world.

That will change — and the ramifications for European companies will be profound.

After years of debate, European authorities recently approved the EU General Data Protection Regulation. For the first time, companies operating in Europe will be required to report cyber breaches to national authorities within 72 hours and, if there is a significant risk of harm, companies would need to report the breaches to affected individuals. In addition, the regulation directs companies to implement “appropriate technical and organizational measures to ensure a level of security appropriate to the risk.” Companies that fail to adhere to these requirements will be subject to penalties of up to 4% of total revenues, as well as private lawsuits by individuals.

While formal implementation of the EU General Data Protection Regulation is two years away, we now have a window into what European companies can expect. Last year, the Dutch authorities adopted a “mini-GDPR” that imposes an obligation on companies operating in the Netherlands to report cyber incidents to the authorities. The fines for failure to do so can range up to 10% of a company’s revenues. In just the first 130 days since the law took effect at the start of this year, more than 1,500 cyber incidents were reported. Additionally, a 2015 study by PwC reported that 90% of large UK-based businesses – and 74% of small businesses – reported being hacked in the previous year.

Once these incidents are subject to public reporting, rather than whispers, public awareness and concern in Europe will increase markedly. If headlines are filled with reports of cyber breaches, supervisory boards of companies across the continent will press their management teams for assurance that proper attention and adequate resources are being allocated to confront this dynamic risk. Policymakers and data protection authorities will closely monitor these developments, particularly when attacks are directed at critical infrastructure.

The best risk mitigation strategy, of course, is preparation. European companies should be conducting comprehensive assessments of their IT security practices and benchmarking their performance against an established industry standard. In developing a plan of action, four key points should be considered.

First, cyber security is not an IT problem.

One of the lessons from the U.S. is that treating cyber risks as solely an IT issue will not work. The most senior members of a management team, including the CEO, CFO and GC, alongside the board of directors, need to be conversant with the principal threats facing their companies and the strategies for mitigating those threats. Too many companies continue to segregate their cyber security strategy within the walls of their IT departments. This must change.

Second, keep current with the most rampant types of attacks.

Though there are many forms and vectors of attack, “spearphishing” tops the list. Hackers send bespoke e-mails with details lifted from an employee’s Facebook page or forward “spoof” job listings from LinkedIn. Once an employee clicks on the attachment or link, malware is loaded on to the company’s system. Not surprisingly, more than 90% of successful cyber attacks begin with phishing campaigns. While there is no simple fix, technology in the form of detonation software that scans and then explodes malware in a quarantined environment, regular training of employees and sound software patch management protocols are crucial.

Third, build relationships with security, law enforcement and data protection authorities.

Trying to solve this issue alone will not work for either the government or industry. We are in this together. Collaboration with law enforcement is particularly important for operators of critical infrastructure — power plants, telecommunications networks, transportation systems, chemical facilities, dams, civilian nuclear plants, and aviation, to name a few. Given the large percentage of critical infrastructure owned and operated by the private sector in the United States, American authorities have worked diligently to forge public-private partnerships to enhance cyber resilience. Replicating this model, the EU just adopted a new Network Information System Directive and a call for a Public-Private Partnership to combat this dynamic risk. Companies should embrace these efforts.

Fourth, assume you will be breached. Not if, but when. Do you have a written incident response plan?

Have you conducted a simulated drill for a cyber attack? Do you have an external and internal communications strategy? The goal is not elimination of the threat, but rather resilience. When a breach takes place, the objective is to be able to maintain the smooth running of your core operations.

Adequate preparation for cyberattacks is complicated, costly, and for many companies, somewhat counterintuitive. But armed with the facts and a clear regulatory roadmap, now is the time to make the necessary investments – and just as important, build the corporate culture – to protect your business and clients.

As cyber attacks grow more sophisticated and cause greater damage to industries and individuals, it will be increasingly difficult to counter this threat unless we learn from each other and incorporate best practices on both sides of the Atlantic.

About the Author
By Peter J. Beshar
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Commentary

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Commentary

b
CommentaryWorld Cup
Columbia Business School professors: What the Balogun red card can teach us about AI and judgment
By Oded Netzer, Christopher Frank and Paul MagnoneJuly 13, 2026
8 hours ago
usa
Commentary250 Years of Innovation
For 250 years, work defined American identity. That era Is ending
By Keith Ferrazzi and Wendy SmithJuly 11, 2026
3 days ago
m
Commentarymedicine
America’s bone health is quietly headed for a $19 billion crisis
By Matthew T. DrakeJuly 9, 2026
5 days ago
t
CommentaryEducation
AI is about to disrupt millions of jobs. A century ago, America’s answer was to build a new high school
By Tim KnowlesJuly 8, 2026
6 days ago
amit
CommentaryVenture Capital
Physical AI’s $50 trillion opportunity requires long-term conviction, but the payoff is huge 
By Amit ChaturvedyJuly 8, 2026
6 days ago
heat
Commentaryclimate change
McKinsey Global Institute: Climate planning has prioritized floods. Heat demands equal attention
By Sylvain Johansson, Mekala Krishnan, Kanmani Chockalingam and Annabel FarrJuly 7, 2026
7 days ago

Most Popular

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents
Innovation
The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents
By Sasha RogelbergJuly 12, 2026
1 day ago
Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich
Big Tech
Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich
By Marco Quiroz-GutierrezJuly 12, 2026
1 day ago
Current price of oil as of July 13, 2026
Personal Finance
Current price of oil as of July 13, 2026
By Joseph HostetlerJuly 13, 2026
14 hours ago
Trump embraces Australian retirement system backed by Larry Fink
Personal Finance
Trump embraces Australian retirement system backed by Larry Fink
By Brianna Sosa and BloombergJuly 12, 2026
1 day ago
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
Success
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
By Preston ForeJuly 6, 2026
7 days ago
Wyoming officials say Meta’s 715,000-square-foot data center is responsible for contaminating its water system with a rare bacterium
Environment
Wyoming officials say Meta’s 715,000-square-foot data center is responsible for contaminating its water system with a rare bacterium
By Sasha RogelbergJuly 10, 2026
3 days ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.