EU Businesses Risk Fines For Not Complying With IoT Security Rules

Companies could be fined €15 million or 2.5% of turnover if they don’t comply with draft EU legislation addressing the Internet of Things (IoT). Makers of IoT devices - ranging from iPhones and fridges to baby monitors and TVs - and IT software developers will face heavy fines if they do not apply rules aimed at averting cyber attacks.

These devices can have a poor degree of cyber security, as evidenced by numerous vulnerabilities and the lack of security updates.

IoT technology has propelled us into the Fourth Industrial Age and is immensely valuable. But as the EU has noticed, there are inherent security risks: a breach in one tiny part of a system can compromise the whole unit. According to the draft, some vendors present customers with “insufficient” information about their level of protection. Companies will have to obtain certificates showing they meet the basic requirements to minimise the risk of cyber attacks and hacking. A study by EU regulators suggests that only 50% of relevant companies have proper security against cyber attacks.

The size of the market for hardware makers is roughly 23,000 companies with a combined annual turnover of €285bn and around 370,000 software makers with a total yearly turnover of €265bn.

Digital identity expert David Mahdi, CISO Advisor at cyber security firm Sectigo, says: “The challenge that IoT security presents is the sheer multitude and diversity of devices, networks and protocols that, left unchecked, could pose severe threats to companies and people.

“Cutting-edge security technology is needed in order to ensure the information remains under control, and the use of machine intelligence is expected to provide a great advantage in monitoring operational security in the context of IoT. The attack vectors and threat actors to the IoT are constantly evolving, warranting best-practice device provisioning and the ability to quickly and proactively manage current cryptographic algorithms with those that will supersede them in the future. This will be vital within the lifespan of the devices being deployed to customers,” Mahdi said.

Fines for breaking a key component of the proposed legislation could exceed €15 million, or 2.5% of a company’s global annual revenue, whichever is greater. Less serious infractions may result in fines of up to €10 million, or 2% of worldwide annual sales. Organisations that give “incorrect, incomplete, or misleading” information could face fines of up to €5 million, or 1% of annual sales.

The European Parliament, the Council of the European Union and the EU member states have already voted to pass two important pieces of legislation that will tighten cybersecurity requirements for firms in order to reduce the risk of cyber attacks.

In May, the EU Parliament and the Council reached a provisional agreement on the Digital Operational Resilience Act (DORA). Although the deal still needs to be approved in a plenary session, this is normally seen as a formality once there is political consensus.
