What is the new legal context following the approval of the new network and information systems security law that cracks down on cybersecurity guidelines in Spain?
Why should we invest in cybersecurity? Who does it affect? Why does it matter? On the latest LawAhead roundtable discussion, Gianluca D’Antonio and Vicente Moret focused on the new legal context we’re facing following the approval of the Real Decreto-Ley 12/2018, a law that cracks down on cybersecurity guidelines in Spain.
Gianluca D’Antonio, Chief Information Officer at FCC Group and Academic Director of the Master in Cybersecurity of IE School of Human Sciences & Technology, began explaining that by 2021, the annual cost of cybercrime will reach $6 billion. Breaking this number down, cybercrime affects not only businesses, but also governments, organizations, and individuals.
However, while cybercrime is far-reaching and undeniably on the rise, the collective response to the issue has been slow. For example, 44 percent of companies have no general cybersecurity strategy, and 58 percent have no incident response plan. The demand for cybersecurity professionals is much higher than the supply, and universities are rushing to create innovative programs to fill this labor gap.
D’Antonio made a case for a shift from cybersecurity to what’s known as “digital security”: a comprehensive security strategy that includes both cyber and physical security systems.
One leader in the world of cybersecurity, as D’Antonio pointed out, is the State of California, which recently passed the first-ever state law addressing IoT security. The new legislation requires manufacturers of Internet-connected or smart devices to guarantee they possess “reasonable security features to… protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”
Another data protection pioneer, according to D’Antonio, is the World Economic Forum (WEF), which recently opened the Centre for Cybersecurity. The WEF explained that “urgent action is needed to create a safe operating environment for new technologies like Artificial Intelligence, robotics, drones, self-driving cars, and the Internet of Things (IoT).”
In addition to calling for more investment in cyber defense and more regulation on a governmental level, D’Antonio made a case for a shift from cybersecurity to what’s known as “digital security”: a comprehensive security strategy that includes both cyber and physical security systems.
Vicente Moret, Legal Counsel to the Spanish Congress and Economical Affairs and Infrastructures Director of the Congress, took the floor next, shifting the topic to the details of this new law and its implications. He explained that the law affects any entity that provides the community with essential services that rely on networks and information systems to carry out their activities. It also applies to certain digital service providers.
The end goal of this new regulation is to make everyone’s data safer, and Moret fully supports it. “Winter is coming. The era of cyberspace as a field outside of law is over,” he added.
Following the two main speakers, the floor was opened up to questions from participants, who brought up topics including the regulation of blockchain and cryptocurrency.