There is no legislation in Romania mandating legal entities to report cyberattacks, as reporting is optional, head of the National Cyberint Centre with Romania's Intelligence Service (SRI) Anton Rog told a specialist conference on Tuesday.
"There is no obligation incumbent on anyone in Romania for a simple reason: there is no legislation in Romania mandating the reporting of such incidents. Only those who wanted have reported. From all government-run companies and privately-owned companies, and from media accounts, there is only the case of a Bacau hospital, which data have been recovered to a very large extent. Other institutions have not reported, either because they had data back-ups, or because they were afraid of affecting their prestige. So, we are talking about the absence of legislation mandating the reporting of cyberattacks," said Rog.
Specialists say thing will improve, as a directive on security of network and information systems (NIS Directive) is being currently debated inside the European Union that has no connection with national security.
Officials of the Romanian public administration, the Romanian Police and IT and security solutions providers attended on Tuesday a conference called "How to get protected against cybercrime?" organised by Romania's Chamber of Commerce and Industry (CCIR).