Similarly, the European Union recently approved a Network and Information Security Directive that lays out parallel objectives. The Directive, which was adopted in July, requires that member nations form a Computer Security Incident Response Team (CSIRT) and that businesses in critical infrastructures notify national authorities when cybersecurity incidents occur. It also mandates that businesses set up a cooperation group to facilitate sharing of information about risks.3 In the U.K., four large banks have formed the Cyber Defense Alliance to work with the UK National Cyber Crime Unit. This industry-government group aims to enable banks to swap timely information on cyberthreat intelligence and response techniques. One of the banks has also dispatched an analyst to Interpol’s 4 cybersecurity investigations unit in Singapore. 3 European Commission, The Directive on security of network and information systems (NIS Directive), accessed October 17, 2016. 4 Bloomberg, Nothing Brings Banks Together Like a Good Hack, October 18, 2016 19 Key findings from The Global State of Information Security® Survey 2017 © 2016 PwC