- Chinese companies have only one hour to report serious cyber events
- Those who do not comply are facing fines
- This is coming as organizations all over the world are facing enormous ransomware -Risici
New rules in China mean that companies now have only one hour to report cyber security events that would fall into ‘especially serious’ or ‘serious’ categories.
Cyberspace Administration of China has rolled out these strict new rules that will start on November 1st to tighten their security response.
To fall below the highest degree of severity, the incident could interfere with over 50% of the province’s population or involve the needs of over 10 million people in their daily lives, such as utilities, healthcare, transport or groceries. It may also involve portals with provincial or higher officials or state agencies or involve key national news sites.
Quick compliance
‘Serious’ events describe those who leak over 10 million citizens’ data, affect 50% of a city’s population or affect over 1 million people’s lives – as well as events that include government portals that are taken down for over six hours, or disruptions in critical infrastructure for over an hour, they South China Morning Posts Reports.
Economic losses of over $ 100 million (about $ 10 million) can also trigger the classification of high difficulty, as well as everything that would threaten social stability or national security.
Those suffering from a high severity or ‘severe’ incident must report which systems were attacked, the event type, the preliminary cause, an attack time line, initial damage reports and ransom constitute the authorities within an hour along with assessments of potential danger and requests for state aid.
Failure to comply with this strict timeline could see sanctions awarded to the organization for errors;
“If the network operator reports late, omitted, erroneously reported or hidden network security events that cause major harmful consequences, the network operator and the relevant person responsible must be punished more seriously under the law,” warns CAC.
With an increasing number of ransomware and data ex -filtration attacks, China is not the only state introducing new cyber security regulations trying to mitigate the risk of citizens. Just a few days ago, the US Department of Defense is emitting strict new cyber rules for potential contractors showing prioritization of cyber security worldwide.
