- Chinese companies will have only one hour to report serious cyber incidents
- Those who do not comply face fines
- This comes as organizations around the world face major ransomware risks
New regulations in China mean that companies now have only one hour to report cybersecurity incidents that fall into the “particularly serious” or “serious” categories.
The Cyberspace Administration of China (CAC) has introduced these strict new rules, which take effect on November 1, to adjust its security response.
To fall under the highest severity level, an incident could disrupt more than 50% of a province's population or affect the daily needs of more than 10 million people, such as public services, medical care, transport or groceries. It could also involve the official portals of provincial or higher-level government agencies, or key national news sites.
Quick compliance
“Serious” incidents are those that leak the data of more than 10 million citizens, affect 50% of a city's population or affect more than 1 million people, as well as incidents in which government portals are taken down for more than six hours, or critical infrastructure is disrupted for more than an hour, the South China Morning Post reports.
Economic losses of more than ¥100 million (around £10 million) can also trigger the high-severity classification, as can anything that threatens social stability or national security.
Those who suffer a “particularly serious” or “serious” incident must report to the authorities within an hour which systems were attacked, the type of incident, the preliminary cause, an attack timeline, initial damage reports and remedial measures, together with assessments of potential danger and requests for government support.
Failure to comply with this strict timeline could see sanctions imposed on the offending organization:
“If the network operator reports network security incidents late, or omits, falsifies or conceals them, causing significant harmful consequences, the network operator and relevant responsible persons will be punished in accordance with the law,” warns the CAC.
With a growing number of ransomware and data exfiltration attacks, China is not the only state introducing new cybersecurity regulations to try to mitigate the risks for citizens. Only a few days ago, the United States Department of Defense issued new cyber rules for prospective contractors, which shows the priority given to cybersecurity worldwide.