Cyber storm clouds are gathering over Europe on three fronts.
First and foremost, the cyber threat environment is intensifying dramatically. Concerns about the misappropriation of financial and personal data — while important — have been supplanted by the spectre of an even larger and more devastating threat. Cyber attacks on critical infrastructure — manufacturing plants, power stations, aviation systems, transportation networks, water systems and even nuclear facilities — are the new reality in Europe. And new vectors of attack are being launched against political parties and electoral systems as national elections loom in France, Germany and the Netherlands in 2017.
Second, while this dynamic is unfolding, the regulatory environment in Europe is about to change profoundly. The European Union has adopted a sweeping General Data Protection Regulation (GDPR) that will impose significant new obligations on industry and its handling of personal data. The Rapporteur assigned by the European Parliament to lead the final negotiations on the EU GDPR, Jan Albrecht, announced upon its passage in the summer of 2016: “The GDPR will change not only the European Data protection laws but nothing less than the whole world as we know it.”