EU law lacking when it comes IT and cyber protection

Cyber War

A lack of legal liability protection is providing opportunities for cyber criminals to break down secure networks.

Speaking at Marsh’s cyber security update this week, London law firm Speechly Bircham partner and head of technology and intellectual property Alexander Carter-Silk said the lack of legal protection means criminals enjoy too much freedom, allowing them to develop their hacking skills.

The need for greater legal protection has created a bustling cyber security marketplace yet hackers are far from deterred by new and ubiquitous security solutions. Instead “they take it on as a challenge”, Carter-Silk said.

He added that the looming EU cyber security directive that imposes security obligations on critical infrastructure and important systems does little to punish the perpetrators.

“This is the only area of law where we sanction the victim. We impose data protection laws on everybody that handles data, but where’s the sanction for the guy who’s causing this?”

“There are elements in the legal structure that are incredibly weak. One is the public law response and that we are spending billions on cyber defence, but the more we defend; the more we encourage attacks.”

In addition, some businesses are exploiting the knowledge and expertise of malicious ‘black hat’ hackers to gain a competitive edge over their rivals.

Carter-Silk said: “One of the things I am seeing a lot more of as a lawyer is mercenary attacks, which is when one company pays for an attack to reduce the capacity of a rival company. If you poke around on the dark web you can find the price of a DDoS (distributed denial of server) attack.”