EU Businesses Risk Fines For Not Complying With IoT Security Rules

Uploaded on 2022-10-05 in INTELLIGENCE--Europe, FREE TO VIEW, BUSINESS-Services-Law, TECHNOLOGY-Key Areas-Internet of Things

Companies could be fines of €15 million or 2.5% of turnover if they don’t comply with draft EU legislation addressing the Internet of Things (IoT). Makers of IoT devices - ranging from iPhones and fridges to baby monitors and TVs, and IT software developers  - will face heavy fines if they do not apply rules aimed at averting cyber attacks. 

These devices can have a poor degree of cyber security, as made evident by numerous vulnerabilities and the lack of security updates. 

IoT technology is propelled us into the Fourth Industrial age and are immensely valuable. But as the EU has noticed, there are inherent security risks; a breach in one tiny part of a system can compromise the whole unit. According to the draft, some vendors present customers with “insufficient” information about their level of protection. Companies will have to get certificates showing they’re meeting the basic requirements to minimise the risk of cyber attacks and hacking attacks. A study by EU regulators suggests that only 50% of relevant companies have proper security against cyber attacks. 

The size of the market for hardware makers is roughly 23,000 companies with a combined annual turnover of €285bn and around 370,000 software makers with a total yearly turnover of €265bn.

Digital identity expert David Mahdi, CISO Advisor at cyber security firm Sectigo says “The challenge that IoT security presents is the sheer multitude and diversity of devices, networks and protocols that, left unchecked, could pose severe threats to companies and people."

"Cutting-edge security technology is needed in order to ensure the information remains under control, and the use of machine intelligence is expected to provide a great advantage in monitoring operational security in the context of IoT. The attack vectors and threat actors to the IoT are constantly evolving, warranting best-practice device provisioning and the ability to quickly and proactively manage current cryptographic algorithms with those that will supersede them in the future. This will be vital within the lifespan of the devices being deployed to customers.” Mahdi said. 

Fines for breaking a key component of the proposed legislation could exceed €15 million, or 2.5 percent of a company’s global annual revenue, whichever is greater. Less serious infractions may result in fines of up to €10 million, or 2% of worldwide annual sales. Organisations that give “incorrect, incomplete, or misleading” information could face fines of up to €5 million, or 1 percent of annual sales.

The  European Parliament, the Council of the European Union and the European member states have already voted to pass two important pieces of legislation that will tighten cybersecurity requirements for firms to reduce the risks of cyber attacks. 

In May, the EU Parliament and the Council reached a provisional agreement on the Digital Operational Resilience Act (DORA), and even though the deal still needs to be approved in plenary session; this is normally seen as a formality once there is political consensus. 

Pymnts:     Pymnts FT:     Bloomberg:    Techzine      IT News:

You Might Also Read:

Securing Smart Devices:

 

« Iranian Hacking Group Deploys Customised Spyware
The Metaverse: A Reality Check »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

ShadowDragon

ShadowDragon

ShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

CyberClan

CyberClan

CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping your data secure and your businesses running as usual.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

RunReveal

RunReveal

RunReveal's mission is to make sure no breach goes undetected. That means having a product that is accessible and effective for companies of all sizes.