Organizational Compliance, Oversight, Challenges, and Impact on Stakeholders
July 2024
Introduction to the Cyber Resilience Act
In an era where cyberattacks are on the rise, with reports predicting an attack every 2 seconds by 2031, possibly costing over €251 billion annually1, it has become increasingly critical to enhance cybersecurity and mitigate vulnerabilities in digital products.
The proliferation of connected and smart products, with Internet of Things (IoT) connected devices potentially reaching 34.7 billion by 20282, magnifies this risk where a single cybersecurity incident can have cascading effects across entire supply chains, potentially causing widespread disruption to economic and social activities, and even posing threats to public safety.
A fundamental issue is the inadequate cybersecurity in many products, coupled with manufacturers’ reluctance to issue updates to fix vulnerabilities, often leaving consumers and businesses to deal with the consequences.
This situation is aggravated by the information gap that exists where both businesses and consumers lack the necessary knowledge to identify and configure secure products and the fact that the burden of security lapses is mostly felt by users, not manufacturers, reducing the latter’s motivation to focus on secure design and post-sale support.
Navigating the Cyber Resilience Act