The European Parliament (EP) has adopted the draft Network and Information Security Directive, commonly referred to as the Cyber Security Directive. The new Directive forms part of a package of legislation that will replace the 1995 Data Protection Directive (95/46/EC) and is set to introduce some significant changes to data protection regulation in the EU.

Under the new Directive, firms found in breach of data protection rules may be subject to fines of up to €100 million or 5% of their global turnover (whichever is the greater). This could lead to a substantial increase in the number of cyber insurance policies taken across the EU. Cyber insurance cover would offer firms protection against the costs of dealing with a security breach. It would also provide cover against claims from third parties who would have suffered damage as a consequence of the breach.

The EP will next negotiate with the EU Council to reach an agreement on the final text of the Network and Information Security Directive. More information on the proposed Directive can be found by clicking here.