Information systems can be affected by security incidents, such as human mistakes, natural events, technical failures or malicious attacks. These incidents are becoming bigger, more frequent, and more complex. 57% of people who responded to a Commission consultation said they had experienced Network Information Security (NIS) incidents over the previous year. A lack of NIS can compromise vital services: it can stop businesses functioning, generate substantial financial losses for the EU economy and negatively affect societal welfare. Digital information systems, in particular the internet, work across borders. A disruption in one EU country can have a knock-on effect in other Member States or the EU as a whole - for example, cross-border movement of goods, services and people could be hampered.