Daily news of major hacks and cybercrime is generating a lot of concern about attacks on essential services and producing billions in revenue for organized crime. So, it isn't surprising that Europe sees this as one of the top three existential threats it faces today, right above immigration and below climate change.

Unfortunately, there's no escaping the fact that commercial organizations remain a primary target for cybercriminals. Digital assets are usually the crown jewels of a business, especially when you consider the value of assets like IP, customer data and trade secrets. With many other types of organization, operators of essential services are developing increasingly digitalized business models, which acts only to widen the surface area for a cyber-attack. Consequently, the risk of an OES suffering a cyber incident is not going away, and there are right to be concerned about the possible consequences of this. Bryony Hurst, partner at Bird & Bird LLP, recently sat down with Inside Counsel to discuss this in more detail.

In Europe on May 9, 2018, the Network & Information Systems Directive (NISD) will come into force. This imposes strict obligations upon Operators of Essential Services to put in place appropriate and proportionate technical and organizational risk management measures, including measures to prevent and minimize the impact of incidents that affect the security of their systems and networks. It also obliges them to act swiftly when an incident occurs, both in terms of investigating the incident and reporting it to their regulator.