Highlights of the Recent Events

Last week in Brussels I had the pleasure of participating in the European Cyber Security Organisation (ECSO) Days conference, in the panel session "Case Studies: Trusted Supply Chain and Cyber Resilience Act", alongside Stephen de Vries, who shared his expertise on the importance of Security by Design, and Enzo Ribagnac from the Eclipse Foundation, who discussed the point of view of the open-source community. The session was excellently moderated by Matteo Molé. I talked through our workflow approach to the CRA, focussing on SMEs and some of the challenges they will face. I received a lot of interest in our infographic; if you want to find out more, follow Cyber Cert Labs for more information!

I thoroughly enjoyed the presentation "Go to Market", in particular the differences between doing business in the US vs. the EU and what we can learn from this experience. Many panels and conversations concentrated on competitiveness, on our current fragmented approach not working, and on the need to change this: unless we focus on the EU level rather than the national level, we will not capitalise on the EU single market! The need to support our start-ups and scale-ups with investment is all-important, but ease of doing business and influence on the purchasing decisions to trust and buy between member states will be crucial to the success of indigenous cybersecurity providers!

Some interesting statistics on the cybersecurity market from Luigi REBUFFI: global cyber security market 180 billion in 2023, avg. growth 12%; European market (including UK) €44 billion, EU Member States €30 billion, 10% avg. growth; number of companies in Europe (incl. UK) 9,000, of which 90% are SMEs generating 25% of revenues and 10% are large companies generating 75% of revenues.

Introduction

In September I attended the Cyber Ireland national conference in Kilkenny and participated in the panel session: Understanding the EU market and impact of regulation. It was great to get an opportunity to discuss the Cyber Resilience Act and share some high-level information with attendees on what they can expect and the timelines.

Key points on the CRA were:
1. The Cyber Resilience Act (CRA) is a first-of-its-kind piece of EU legislation that provides a baseline standard for the cybersecurity of connected products with digital elements.
2. Products with digital elements are defined as products with software and/or hardware and their components and any associated remote data processing solutions.
3. The CRA is horizontal legislation; this means it will cover a broad range of products across many sectors.
4. Any product made available on the EU market that is in scope for the CRA will need to affix the CE mark for cybersecurity.
5. Manufacturers, distributors, and importers from outside the EU will also have to comply. The CRA is an important consideration for many businesses developing new products.
6. The CRA is expected to enter into force by the end of Q4 2024. A 36-month transition period will follow, by the end of which all products with digital elements brought to market after the enforcement date must be fully compliant. Obligations around vulnerability reporting will be enforced after 21 months.