EU Businesses Risk Fines For Not Complying With IoT Security Rules

Companies could be fines of €15 million or 2.5% of turnover if they don’t comply with draft EU legislation addressing the Internet of Things (IoT). Makers of IoT devices - ranging from iPhones and fridges to baby monitors and TVs, and IT software developers  - will face heavy fines if they do not apply rules aimed at averting cyber attacks. 

These devices can have a poor degree of cyber security, as made evident by numerous vulnerabilities and the lack of security updates. 

IoT technology is propelled us into the Fourth Industrial age and are immensely valuable. But as the EU has noticed, there are inherent security risks; a breach in one tiny part of a system can compromise the whole unit. According to the draft, some vendors present customers with “insufficient” information about their level of protection. Companies will have to get certificates showing they’re meeting the basic requirements to minimise the risk of cyber attacks and hacking attacks. A study by EU regulators suggests that only 50% of relevant companies have proper security against cyber attacks. 

The size of the market for hardware makers is roughly 23,000 companies with a combined annual turnover of €285bn and around 370,000 software makers with a total yearly turnover of €265bn.

Digital identity expert David Mahdi, CISO Advisor at cyber security firm Sectigo says “The challenge that IoT security presents is the sheer multitude and diversity of devices, networks and protocols that, left unchecked, could pose severe threats to companies and people."

"Cutting-edge security technology is needed in order to ensure the information remains under control, and the use of machine intelligence is expected to provide a great advantage in monitoring operational security in the context of IoT. The attack vectors and threat actors to the IoT are constantly evolving, warranting best-practice device provisioning and the ability to quickly and proactively manage current cryptographic algorithms with those that will supersede them in the future. This will be vital within the lifespan of the devices being deployed to customers.” Mahdi said. 

Fines for breaking a key component of the proposed legislation could exceed €15 million, or 2.5 percent of a company’s global annual revenue, whichever is greater. Less serious infractions may result in fines of up to €10 million, or 2% of worldwide annual sales. Organisations that give “incorrect, incomplete, or misleading” information could face fines of up to €5 million, or 1 percent of annual sales.

The  European Parliament, the Council of the European Union and the European member states have already voted to pass two important pieces of legislation that will tighten cybersecurity requirements for firms to reduce the risks of cyber attacks. 

In May, the EU Parliament and the Council reached a provisional agreement on the Digital Operational Resilience Act (DORA), and even though the deal still needs to be approved in plenary session; this is normally seen as a formality once there is political consensus. 

Pymnts:     Pymnts FT:     Bloomberg:    Techzine      IT News:

You Might Also Read:

Securing Smart Devices:

 

« Iranian Hacking Group Deploys Customised Spyware
The Metaverse: A Reality Check »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

VivoSecurity

VivoSecurity

VivoSecurity is a pioneer in cyber risk quantification based on data science. Our products and services help organizations achieve optimal information security and GRC programs.

AVORD

AVORD

AVORD is a cloud-based security testing platform that allows clients to manage security testing requirements in a far more productive and efficient way.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

BLOCKO

BLOCKO

BLOCKO is a blockchain specialized technology company that has experienced and achieved the largest amount of business in South Korea.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

GoVanguard

GoVanguard

GoVanguard is an boutique information security team delivering robust, business-focused information security solutions.

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

BDO Global

BDO Global

BDO is an international network of public accounting, tax and advisory firms which perform professional services under the name of BDO.

ReasonLabs

ReasonLabs

ReasonLabs have created a next-generation anti-virus that is enterprise grade, yet accessible to any personal device around the world.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.

Attura

Attura

Atturra is one of Australia's leading advisory and IT solutions providers, focused on providing end-to-end transformation services to its clients.

SmartSea

SmartSea

SmartSea, a pioneering venture founded in collaboration with SITA, a global leader in aviation technology, is setting new standards in maritime digital transformation.