EU Businesses Risk Fines For Not Complying With IoT Security Rules

Uploaded on 2022-10-05 in INTELLIGENCE--Europe, FREE TO VIEW, BUSINESS-Services-Law, TECHNOLOGY-Key Areas-Internet of Things

Companies could be fines of €15 million or 2.5% of turnover if they don’t comply with draft EU legislation addressing the Internet of Things (IoT). Makers of IoT devices - ranging from iPhones and fridges to baby monitors and TVs, and IT software developers  - will face heavy fines if they do not apply rules aimed at averting cyber attacks. 

These devices can have a poor degree of cyber security, as made evident by numerous vulnerabilities and the lack of security updates. 

IoT technology is propelled us into the Fourth Industrial age and are immensely valuable. But as the EU has noticed, there are inherent security risks; a breach in one tiny part of a system can compromise the whole unit. According to the draft, some vendors present customers with “insufficient” information about their level of protection. Companies will have to get certificates showing they’re meeting the basic requirements to minimise the risk of cyber attacks and hacking attacks. A study by EU regulators suggests that only 50% of relevant companies have proper security against cyber attacks. 

The size of the market for hardware makers is roughly 23,000 companies with a combined annual turnover of €285bn and around 370,000 software makers with a total yearly turnover of €265bn.

Digital identity expert David Mahdi, CISO Advisor at cyber security firm Sectigo says “The challenge that IoT security presents is the sheer multitude and diversity of devices, networks and protocols that, left unchecked, could pose severe threats to companies and people."

"Cutting-edge security technology is needed in order to ensure the information remains under control, and the use of machine intelligence is expected to provide a great advantage in monitoring operational security in the context of IoT. The attack vectors and threat actors to the IoT are constantly evolving, warranting best-practice device provisioning and the ability to quickly and proactively manage current cryptographic algorithms with those that will supersede them in the future. This will be vital within the lifespan of the devices being deployed to customers.” Mahdi said. 

Fines for breaking a key component of the proposed legislation could exceed €15 million, or 2.5 percent of a company’s global annual revenue, whichever is greater. Less serious infractions may result in fines of up to €10 million, or 2% of worldwide annual sales. Organisations that give “incorrect, incomplete, or misleading” information could face fines of up to €5 million, or 1 percent of annual sales.

The  European Parliament, the Council of the European Union and the European member states have already voted to pass two important pieces of legislation that will tighten cybersecurity requirements for firms to reduce the risks of cyber attacks. 

In May, the EU Parliament and the Council reached a provisional agreement on the Digital Operational Resilience Act (DORA), and even though the deal still needs to be approved in plenary session; this is normally seen as a formality once there is political consensus. 

Pymnts:     Pymnts FT:     Bloomberg:    Techzine      IT News:

You Might Also Read:

Securing Smart Devices:

 

« Iranian Hacking Group Deploys Customised Spyware
The Metaverse: A Reality Check »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

SafeCipher

SafeCipher

SafeCypher are crypto specialists with a very specialized knowledge of Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Quantum Resistant Cryptography and Crypto-Agility.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

Venustech

Venustech

Venustech is a leading provider of network security products, trusted security management platforms, specialized security services and solutions.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

Redcoat AI

Redcoat AI

Redcoat AI provide a comprehensive security platform that continuously evolves with the threats and opportunities presented by AI.

Guardian Angel Cyber

Guardian Angel Cyber

Guardian Angel Cyber, is your trusted ally in safeguarding your digital assets and online presence.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.