European lawmakers approve new cybersecurity law

New rules will compel companies to report cyberattacks.

European lawmakers have approved a new cybersecurity law, a first for the continent, which pushes for greater cyber-defenses and mandates that companies report cyberattacks.

The European Parliament in Strasbourg, France endorsed the draft law, which imposes rules and obligations on array of industries, including banking, energy, transport, and tech giants.

The new rules compel companies to report cyberattacks and incidents where data has been breached. The law will also mandate the 28-member states (which, for now, still includes the UK) to work closer together on network and information security, specifically to lock down critical national infrastructure.

European governments have already thrown their support behind the effort.

The bill's rapporteur, Andreas Schwab, welcomed the bill's passing. "Fragmentary cybersecurity protection makes us all vulnerable and poses a big security risk for Europe as a whole," said the German politician in a statement.

Europe's information security agency, ENISA, said in a 2015 report that businesses and citizens lose as much as €360bn ($400bn) from cyberattacks and disruptions.