I was pretty excited to see this:
An EU official said the aim of the report was to get companies to be more open about cyber attacks and help them fend off such disruption.
“We want to change the culture around cyber security from one where people are sometimes afraid or ashamed to admit a problem, to one where authorities and network owners are better able to work together to maximize security,” the official said. (Ethan Bilby, “EU could make firms disclose network security breaches“)
Since my employer may be involved in those discussions, I want to refrain from comment on the particulars. I will say that I’m excited to see the discussion of people being afraid or ashamed show up at this level. Also, I’m hopeful that the EU will not overestimate the value of building yet another compliance regime without data about the efficacy of protective measures.