The media is replete with reports of a botnet onslaught paralyzing Spamhaus, flaming worms usurping strategic information in the Middle East and a stuxnet super weapon wreaking physical damage to Iran’s nuclear reactors. Behind these barbaric neologisms hides a real and serious threat to most corporations: cyberattacks. Given the importance and breadth of electronic data stored within corporations today, any unauthorized access could lead to serious consequences ranging from a public relations nightmare to actual, significant monetary damages. When it comes to cyber-attacks, recent examples demonstrate that no organization is too big or too sophisticated to be immune.

In light of the risks involved, corporations must take appropriate measures, while considering the ever-evolving global regulatory regime. In addition to U.S. efforts to address cybersecurity risks, the European Commission published a proposed directive on network and information security. If and when it passes, the directive shall trigger significant changes in the way European companies and those doing business in Europe use information technology.