18
Mon, Nov
52 New Articles

Cybersecurity – New Challenge for Czech Businesses?

Cybersecurity – New Challenge for Czech Businesses?

Issue 11.4
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Similarly to other countries, the Czech Republic is undergoing a digital transformation. Without a doubt, this transformation allows businesses to facilitate their operations and makes all of our lives much easier. On the other hand, this transformation leads to new cybersecurity threats that may hinder businesses and cause significant losses.

Threats of cyberattacks have become more imminent recently due to several factors, such as the COVID-19 pandemic that made companies adapt to remote working and, consequently, created more opportunities for cybercriminals. The war in Ukraine has also increased the risk of cyberattacks.

Such attacks are usually aimed at confidential information and data which present an essential value for businesses and organizations. Attackers also often try to disrupt the operations of certain organizations – in particular, of providers of important services or utilities.

The fact that cybersecurity risks have increased is evidenced by data published by the authorities as well as by certain businesses. The 2022 Report on the State of Cybersecurity in the Czech Republic issued by the Czech National Cyber and Information Security Authority (Authority) on July 17, 2023 (the Authority’s most recent report on this topic), states that while the Authority recorded a slight decrease in cyber incidents in 2022, the Czech Police recorded an almost twofold increase in cybercriminal activities. The report also mentions that the activities of state-sponsored cyber actors and cybercriminal groups continue to be the greatest threat to the Czech Republic’s cybersecurity. The increase in cybersecurity risks was confirmed by businesses. For instance, according to a press release published on January 30, 2024, by the Czech Banking Association, in 2023, Czech banks recorded 69,685 attacked clients with a total damage of CZK 1.35 billion.

These steadily increasing cybersecurity risks have been reflected in various pieces of legislation. The most significant piece of legislation concerning cybersecurity is EU Directive 2022/2555 on Measures for a High Common Level of Cybersecurity Across the EU, called NIS 2, which modifies the current cybersecurity legislation applicable in the EU. NIS 2 entered into force on January 16, 2023, and EU Member States must implement it into their national legislations by October 17, 2024. In the Czech Republic, the Authority already published a bill that is going to implement the NIS 2 Directive and which shall soon be introduced to parliament.

The obligations to be imposed on the organizations by the new legislation will include the obligation to take appropriate and proportionate technical, operational, and organizational measures to manage the risks posed to their systems. These measures will consist of adopting policies assessing the effectiveness of cybersecurity risk-management measures or ensuring supply chain security and human resources security. Members of management bodies will be required to attend regular training to gain sufficient knowledge and skills to identify risks and their impact on the services provided by the organizations.

Non-compliance with the obligations may lead to significant fines as the EU legislation requires EU member states to ensure that the fines will reach a maximum of at least EUR 10 million or 2% of total worldwide turnover.

It is presumed that the new legislation will impose cybersecurity requirements on a much broader number of businesses than the current legislation. According to some estimates, in the Czech Republic, the number of organizations affected by the new legislation will increase from 600 to at least 6,000. Some say that it may even concern 15,000 subjects. The costs for implementing the obligations imposed by the new legislation are not negligible either. Czech organizations that are already dealing with cybersecurity have indicated that they annually spend tens of millions of Czech koruna (e.g., hospitals or Czech Post), hundreds of millions of Czech koruna (banks), or even billions of Czech koruna (the Czech conglomerate generating, distributing, and trading electricity and heat).

Although cyberattacks may present significant risks and the breach of obligations imposed by cybersecurity legislation may bring important sanctions, many businesses have not yet begun preparing for the new rules. According to some surveys, up to 80% of employees of IT departments in Czech companies do not know whether their organizations will be affected by the new legislation. This number seems high. Since the implementation of new requirements may take time, Czech companies should begin to prepare at their earliest convenience. Otherwise, cybersecurity may become a real challenge.

By Petr Hradil, Head of Cybersecurity, Peterka & Partners

This article was originally published in Issue 11.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Czech Republic Knowledge Partner

PRK Partners, one of the leading Central European law firms, has been helping clients achieve their business objectives almost 30 years. Our team of lawyers, based in our Prague, Ostrava, and Bratislava offices, has a unique knowledge of Czech and Slovak law and of the business environment. Our lawyers studied at top law schools in the United States, United Kingdom, Switzerland and elsewhere. They also have experience working for leading international and domestic law firms in a number of jurisdictions. We speak your language, too. Our legal team is fluent in more than 15 languages, including all the key languages of the region.

PRK Partners has one of the most experienced legal teams on the market. We are consistently rated as one of the leading law firms in the region. We have received many significant honours and awards for our work. We represent the interests of international clients operating in the Czech Republic in an efficient way, combining local knowledge with an understanding of their global requirements in a business-friendly approach. We are one of the largest law firms in the Czech Republic and Slovakia. Our specialised teams of lawyers and tax advisors advise major global corporations as well as local companies. We provide comprehensive legal advice drawing on our profound knowledge of local law and markets.

Our legal advice delivers tangible results – as proven by our strong track record. We are the only Czech member firm of Lex Mundi, the world's leading network of independent law firms. As one of the leading law firms in the region, we have received many national and international awards, in some cases several years in a row. Honours include the Chambers Europe Award for Excellence, The Lawyer and Czech and Slovak Law Firm of the Year. Thanks to our close cooperation with leading international law firms and strong local players, we can serve clients in multiple jurisdictions around the globe. Our strong network means that we can meet your needs, wherever you do business.

PRK Partners has been repeatedly voted among the most socially responsible firms in the category of small and mid-sized firms and was awarded the bronze certificate at the annual TOP Responsible Firm of the Year Awards.

Our work is not only “business”: we have participated on a longstanding basis in a wide variety of pro bono projects and supported our partners from the non-profit sector (Kaplicky Centre Endowment Fund, Tereza Maxová Foundation, Czech Donors Forum, etc.).

Firm's website: www.prkpartners.com

Our Latest Issue