Beta

Source: OJ L, 2024/1772, 25.6.2024

EN

Article 7 Economic impact

    1. For the purpose of determining the economic impact of the incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; as referred to in Article 18(1), point (f), of Regulation (EU) 2022/2554, financial entitiesas defined in Article 2, points (a) to (t) shall, without accounting for financial recoveries, take into account the following types of direct and indirect costs and losses which they have incurred as a result of the incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;:

      1. expropriated funds or financial assets for which they are liable, including assets lost to theft;

      2. costs for replacement or relocation of software means the part of an electronic information system which consists of computer code;, hardware means a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; or infrastructure;

      3. staff costs, including costs associated with replacement or relocation of staff, recruitment of extra staff, remuneration of overtime and recovery of lost or impaired skills;

      4. fees due to non-compliance with contractual obligations;

      5. costs for redress and compensation to customers;

      6. losses due to forgone revenues;

      7. costs associated with internal and external communication;

      8. advisory costs, including costs associated with legal counselling, forensic services and remediation services.

    1. Costs and losses referred to in paragraph 1 shall not include costs that are necessary for the day-to-day operation of the business, in particular the following:

      1. costs for general maintenance of infrastructure, equipment, hardware means a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; and software means the part of an electronic information system which consists of computer code;, and costs for keeping skills of staff up to date;

      2. internal or external costs to enhance the business after the incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;, including upgrades, improvements and risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment initiatives;

      3. insurance premiums.

    1. Financial entitiesas defined in Article 2, points (a) to (t) shall calculate the amounts of costs and losses based on data available at the time of reporting. Where the actual amounts of costs and losses cannot be determined, financial entitiesas defined in Article 2, points (a) to (t) shall estimate those amounts.

    1. When assessing the economic impact of the incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;, financial entitiesas defined in Article 2, points (a) to (t) shall sum up the costs and losses referred to in paragraph 1.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod