Lawmakers are working to strengthen cybersecurity requirements across the European Union and are promoting new legislation that will tighten security requirements for all digital hardware and software.
The proposed law, called the Cyber Resilience Act, would cover everything from computers and cell phones to smart kitchen appliances and digital children’s toys.
“When it comes to cyber security, Europe is only as strong as its weakest link: whether it is a vulnerable member state or a dangerous product in the supply chain,” said EU Internal Market Commissioner Thierry Breton.
A legislative proposal announced by the European Commission earlier this month requires products to be designed, developed, and manufactured in a way that minimizes cyber security risks.
This includes, for example, requirements to sell products in a secure default configuration so that product identifiers are comprehensive in the system and to ensure that exploitable vulnerabilities can be patched through security updates, as well as cybercrime disclosure rules.
In recent years, the number of personal devices connected to the Internet has increased significantly.
But many of these so-called IoT products are highly vulnerable to hacking and cybercrime. In fact, a ransomware attack occurs every 11 seconds worldwide and cost the global economy around 20 billion euros last year, according to the EU. Meanwhile, DDoS attacks (malicious attempts to disrupt access to online services or websites) cost the EU economy alone around 65 billion euros in 2020.
In Belgium, for example, almost 1,000 companies were targeted by cybercrime in 2021, 300% growth compared to last year, according to Mastercard’s analysis. Most cyber attacks involve malware and ransomware attacks.
“We deserve to feel safe with the products we buy in the single market,” said Margrethe Vestager, Vice-President of the European Commission for a Europe fit for the digital age. “The Cyber Resilience Act ensures that the connected objects and software we buy have strong security safeguards.”
Enhanced cyber security protocols should also help businesses and manufacturers, especially smaller businesses that may not have the technical resources or financial resources to survive a cyber attack.
Earlier this year, the World Economic Forum’s Global Cyber Security Outlook reported that the average cost of a cyber breach to a business was $3.6 million. In addition, targeted companies saw their stock prices decline and spent an average of 280 days detecting and responding to cyber attacks.
“Technology leaders, companies, and their boards would do well to pay attention to this development and recognize that cyber strategy is business strategy and understanding cyber risk is part of good governance in the digital age,” said Daniel Dobrygowski, director of governance and trust at the Forum’s Cybersecurity Center.
Industry groups such as the TIC Council, a global organization covering the independent testing, inspection, and certification industry, welcomed the proposed Cyber Resilience Act. “The proposal is a good first step towards a more cyber-resilient single market,” said Martin Michelot, European director of the TIC Council.
The law was first proposed by the President of the European Commission, Ursula von der Leyen, in November 2021. If the European Parliament and the European Council approve the law, EU countries will have two years to adapt to the new rules.
“Digital trust is necessary in a global economy dependent on ever-increasing connectivity, data usage and new, innovative technologies,” said Akshay Joshi, director of industry and partnerships at the Forum’s Center for Cyber Security. “As ordinary citizens become increasingly wary of the technologies they use, this regulation increases transparency and empowers end users to make informed choices.”
The EU Cyber Resilience Act joins several other laws proposed around the world to curb cybercrime, which cost the global economy €5.5 trillion in 2021. By 2025, cybercrime losses are expected to exceed €10 trillion.
Earlier this year, the United States passed a new law that strengthens cybercrime disclosure requirements for companies operating in critical infrastructure sectors.
The move follows a major ransomware attack in May 2021 against Colonial Pipeline, which operates the nation’s largest jet fuel, gasoline, and diesel pipeline system. The attack, allegedly launched via the company’s legacy virtual private network, crippled pipelines along the US East Coast and resulted in Colonial Pipeline paying the hackers around $5 million in Bitcoin.
The US Department of Justice later demanded nearly half of the ransom. Today, the US Securities and Exchange Commission and the US Congress are also calling for new regulations to strengthen and standardize cybersecurity benchmarks and cybercrime reporting requirements.
“Regulation plays an important role in fostering cyber resilience,” added Dobrygowski.