Cyber criminals will be subject to stiffer sentences in the EU, following a European Parliament vote in favour of a draft directive on illegal access to information.
It requires member states to set maximum terms at not less than two years in prison for illegally accessing or interfering with information systems, interfering with data, illegally intercepting communications or intentionally producing and selling tools to commit those offences.
While the directive allows exemptions for "minor cases", it leaves it up to the member states on how these should be defined.
Anyone setting up a botnet to remotely control other people's computers will be subject to three years inside, and attacks on critical national infrastructure will bring five years.
Company penalties
The penalties don't just apply to the hackers, but any individuals or companies that hire the cyber crooks to benefit from the offences. They could be subject to closure or denied any public benefits such as subsidies.
The directive also requires member states to respond to any requests for help against cyber attacks within eight hours.
The European Council is expected to adopt the directive soon, following which member states will have two years to put it into law.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
A European Parliament statement said the UK has already decided to apply the directive. The Government recently announced it was to spend £4 million on making small businesses and consumers more aware of the dangers of cyber crime.
In May the Federation of Small Businesses published a report highlighting the problems many SMBs face in dealing with cyber security, the most common being that it is complex and time consuming.