A French decree.
The South African insurance industry may be able to bear the recently increased legislative burden with ease, now that we can compare compliance systems with what is unfolding in France.
Companies in South Africa may be complaining of the heavy burden of compliance requirements and the onslaught of change they face in this area, but ours is nothing compared to the bills and decrees being rolled out by the French government. In a previous article, RISKSA highlighted the French socialist government’s support of a bill that could put the onus on large French corporations to be accountable for labour and environmental conditions throughout their supply chains. It seems they’re adding even more weight to companies deemed vital to France’s national security. The French government published three decrees on 27 March that regulate the national cyber security of the aforementioned companies. The rule makes it mandatory to report cyber attacks to the agency that manages France’s national cyber security strategy, ANSSI, and it will impact 218 key operators in the energy, transportation, finances, and sanitation sectors. The requirement only affected telecom operators prior to the new law. On top of having to comply with direct orders from the French prime minister,
el Wentz a Meliss these companies will have to install intrusion detection systems that will be directly audited by ANSSI (or other certified contractors such as Thales), and self-fund the implementation of any further cyber security measures demanded by the cyber security firm. Some of the affected companies may not have secure systems already in place to report