What will the amendment to the law on cyber security bring?

The amendment to the Cyber ​​Security Act (ZKB) brings a significant expansion of the so-call mandatory entities that will have a legal obligation to address cyber security and take appropriate steps to prevent security risks:

This obligation is newly introduc in a number of important sectors, such as healthcare, and others that provide critical “basic services” such as utilities, etc.
One of the most important duties for all these companies is to monitor the events in their own network and information systems, to be able to evaluate security attacks and report

The security authority in time

We see this obligation as key, because today most companies unfortunately do not even fulfill the basic requirements of the so-call cyber hygiene, which consists, among other things, in the ability to detect attacks, uncover, analyze and manage risks, and share information about attacks across individual enterprises, which will help other institutions to prepare better and in time for a possible threat.

There will also be a newly creat office that will prevent hacker attacks and propose measures to deal with security incidents. The specializ body will thus take over part of the role of the National Security Office. Failure to fulfill the new obligations can result in a fine of up to five million crowns.

The risk of computer attacks is increasing worldwide, in the Czech Republic there can be up to 1.7 million cyber attacks per year with possible losses of up to 5.4 billion crowns, according to data from the Czech Insurance Association. However, public reports informing about the success of cyber attacks are still less frequent in the Czech environment than abroad, which is partly due to two factors:

The ability to detect (or the ability to even notice an ongoing attack) is relatively weak in the Czech Republic. As part of risk prevention, companies should use modern detection tools, which are necessary to detect modern threats, and secure high-quality experts and security analysts.

The event that an attack  discover in a company

it is now a common practice to “hammer” and not reveal anything. Under the Cyber ​​Security Act, the affect companies are now requir to report the incident to the authority. The GDPR regulation takes a very similar approach to this area, which also includes the obligation to record every such incident, and to report the more significant ones within 72 hours.

A basic service is, in the words of the law, “a service whose provision is dependent on networks or information systems and whose disruption could have a significant impact on

hat has so far suffer a relatively significant inability to secure the necessary resources, whether financial or human, for these purposes. The law should now help them in this.
However, due to the high degree of neglect thailand phone number data and financial undervaluation in the past years, it will be very difficult for most businesses to meet the requirements of the ZKB in time.

In the future, how to harmonize the rules of the ZKB amendment with other legislation in this area, e.g. GDPR?

The rctly evaluate various types of cyber attacks, threats and risks, and to be able to respond to these risks quickly and

ZKB aims above all to protect the functionality and availability of basic services, for example to ensure that drinking water is how to create a new account at Hostinger available, electricity works, means of transport run, state authorities, banks, etc. The goal of the GDPR is, in particular, to protect the privacy and rights of natural persons from bw lists the point of view of protecting the processing of their personal data – so that no one steals, discloses, changes or deletes their personal data.