Sacre Bleu! New French Cyber Law Makes US Regs Look Clear In Comparison 

by

A new French law, which kicks in April 24, requires companies to report cyber incidents to authorities within 72 hours or lose their eligibility for cyber insurance reimbursement.

Qu’est-ce qui pourrait mal se passer?

Well, there are a few little issues to iron out, say industry observers. Such as:

*Report the incidents to whom? There appear to be at least two French government agencies that could take the reports.

*Report the incidents when? Is it 72 hours after the company determines it’s had a security incident, or within 72 hours of the event occurring?

*Report the incidents where? What if a French company is hacked “in” a foreign country where it’s covered by a foreign insurance company? Must they report to French authorities (once they figure out which agency is supposed to get the reports)?

Mark Sauter

Mark Sauter’s insights on the financial, policy and security elements of cyber insurance are based on years of experience in the investment banking, media and business worlds. Co-author of the McGraw Hill university textbook “Homeland Security: a Complete Guide,” Sauter was also a consultant to one of the world’s largest software companies and served as a US Army Special Forces and infantry officer.

See also  Company Learns the Hard Way that Cyber Insurers May Not Count Social Engineering Attacks As "Computer Fraud" 
×