Is Your Business Ready for the Growing Cyber Threats?
The world is changing fast, and businesses strive to keep up with the latest trends. But how often do you take a step back and assess whether your company is adequately protecting itself and its products from external cyber threats? Ignoring these risks can have devastating consequences.
Why Cybersecurity Matters
As a society, we all share a responsibility to secure the digital infrastructure we rely on. Many mission-critical services today depend on a well-functioning internet. From banking to healthcare and social services, essential functions are delivered via internet-connected devices.
This interconnectedness also presents opportunities for cybercriminals to disrupt services, steal sensitive data, or compromise the security of millions of users. Businesses must be proactive in addressing these risks.
Key Questions to Consider
-
How could a cyberattack on our IT infrastructure impact our company?
-
What would happen if an attacker disabled all our connected devices?
-
How would we respond if customer data were leaked?
The Rise in Cyber Threats
Cyberattacks are becoming more frequent. High-profile incidents are increasing, and the geopolitical landscape has escalated the overall threat level.
In Sweden, a recent attack disrupted healthcare providers, and across Europe, attacks on hospitals have led to tragic fatalities. Cyber threats are no longer just an IT concern—they pose a direct risk to human lives and economic stability.
New EU Regulations: Are You Prepared?
The EU has long been a leader in digital privacy with regulations such as GDPR. Now, the bar is being raised further to protect against cyber threats from individual hackers, organized crime, and even state-sponsored actors.
The RED Cybersecurity Mandate (Effective August 2025)
Starting in August 2025, all wireless IoT devices sold in the EU must comply with new cybersecurity standards under the Radio Equipment Directive (RED). The goal is to ensure that wireless devices are secure and do not interfere with other systems.
Key Implications:
-
Devices that fail to meet the RED standard cannot be sold in the EU.
-
Non-compliant products already on the market may face costly recalls.
-
Competitors are increasingly reporting non-compliant products to regulatory authorities.
A recent example of strict EU enforcement was the recall of a Norwegian-made electric vehicle charger by the Swedish regulatory authority Elsäkerhetsverket for failing to meet compliance standards. While this was not a cybersecurity issue, similar enforcement will apply under the new RED cybersecurity rules.
Severe Penalties for Non-Compliance
If your product leaks sensitive customer data, your company could also face GDPR fines of up to 20 million EUR or 4% of global annual turnover. In short, failing to comply with cybersecurity regulations could put your entire business at risk.
Understanding Cybersecurity Standards
When selecting cybersecurity standards for your products, you must consider the regulatory requirements of your target market.
-
Europe: CENELEC (CEN/CLC/JTC 13) and ETSI develop cybersecurity standards for the EU market. The latest harmonized standard is CENELEC EN18031.
-
USA: The National Institute of Standards and Technology (NIST) provides the Cybersecurity Framework to manage cyber risks.
What Does This Mean for Your Products?
If you are developing or selling any wireless device in the EU, you must prepare for compliance with the RED cybersecurity mandate by August 2025, even if your product has an existing RED certification.
What Do the Standards Require?
The CENELEC EN18031 standard outlines essential cybersecurity measures, including:
-
No universal passwords (e.g., default credentials like “admin/password” are no longer acceptable).
-
Security monitoring & updates (companies must actively monitor vulnerabilities, such as those in the CVE database, and provide timely patches).
-
Secure storage of sensitive information (e.g., passwords and user data should be protected using a trusted execution environment).
-
Secure software updates (firmware updates must be protected from man-in-the-middle attacks).
-
Robust encryption (ensuring encryption methods resist modern cracking tools).
-
Disabling unused interfaces (minimizing attack surfaces by turning off inactive device functionalities by default).
What Should You Do Now?
1. Evaluate Third-Party Dependencies
If your product relies on third-party communication modules or software, contact your suppliers today. Ask about their strategy for compliance and establish an agreement for ongoing security updates.
This is particularly crucial for modules using:
-
Cellular (2G/3G/4G/5G)
-
Wi-Fi
-
Bluetooth
-
Zigbee
Auditors will require documentation on firmware security and an agreement with your supplier for security update support throughout the product’s lifecycle.
2. Conduct an Internal Security Inventory
Ask your R&D team to assess:
-
What cybersecurity dependencies exist in your product?
-
Are all components compliant with upcoming regulations?
3. Engage with an Accredited Test House
Start the certification process today. Demand for testing will surge as the deadline approaches, and delays could leave you at the back of the queue.
How Can Svep Design Center Help?
At Svep Design Center, we have over 20 years of experience designing secure IoT devices. Our team has the expertise and processes to help you achieve compliance before the new regulations take effect.
We offer:
Security evaluations, documentation, and vulnerability assessments
Lifecycle monitoring for emerging threats
Remote monitoring & secure OTA updates for IoT devices
Direct collaboration with test houses and regulatory auditors
Strong partnerships with wireless module vendors to navigate evolving legislation
Don’t Wait Until It’s Too Late
The cybersecurity landscape is changing fast, and the new RED mandate will soon be legally enforced. Ensure your products are secure and compliant before the August 2025 deadline.
Contact Svep Design Center today to start your compliance journey!
