EU Businesses Risk Fines For Not Complying With IoT Security Rules

Companies could be fined €15 million or 2.5% of turnover if they do not comply with draft EU legislation addressing the Internet of Things (IoT). Makers of IoT devices, ranging from iPhones and fridges to baby monitors and TVs, and IT software developers will face heavy fines if they do not apply rules aimed at averting cyber attacks.

These devices often have a poor level of cyber security, as shown by numerous vulnerabilities and a lack of security updates.

IoT technology has propelled us into the Fourth Industrial age and is immensely valuable. But, as the EU has noticed, there are inherent security risks: a breach in one small component can compromise the whole system. According to the draft, some vendors give customers “insufficient” information about their level of protection. Companies will have to obtain certificates showing that they meet the basic requirements for minimising the risk of cyber attacks. A study by EU regulators suggests that only 50% of relevant companies have adequate protection against cyber attacks.

The market covered comprises roughly 23,000 hardware makers with a combined annual turnover of €285bn and around 370,000 software makers with a total yearly turnover of €265bn.

Digital identity expert David Mahdi, CISO Advisor at cyber security firm Sectigo, says: “The challenge that IoT security presents is the sheer multitude and diversity of devices, networks and protocols that, left unchecked, could pose severe threats to companies and people.

“Cutting-edge security technology is needed in order to ensure the information remains under control, and the use of machine intelligence is expected to provide a great advantage in monitoring operational security in the context of IoT. The attack vectors and threat actors to the IoT are constantly evolving, warranting best-practice device provisioning and the ability to quickly and proactively manage current cryptographic algorithms with those that will supersede them in the future. This will be vital within the lifespan of the devices being deployed to customers,” said Mahdi.

Fines for breaching a key component of the proposed legislation could reach €15 million, or 2.5% of a company’s global annual revenue, whichever is greater. Less serious infractions may result in fines of up to €10 million, or 2% of worldwide annual sales. Organisations that give “incorrect, incomplete, or misleading” information could face fines of up to €5 million, or 1% of annual sales.

The European Parliament, the Council of the European Union and the EU member states have already voted to pass two important pieces of legislation that will tighten cyber security requirements for firms and reduce the risk of cyber attacks.

In May, the EU Parliament and the Council reached a provisional agreement on the Digital Operational Resilience Act (DORA). The deal still needs to be approved in plenary session, but this is normally seen as a formality once there is political consensus.
