5 thoughts on how to start with cybersecurity not only for compliance reasons
Kiwa is of course known for being the independent party for testing and certification, but we support broader than that. In addition to compliance, we also find it important to think along with our customers' business continuity, which is why we think it is important to emphasize that you should not only focus on compliance, but also from a risk based perspective. Here are some thoughts on that:
- 1
Customers expect a secure product
Your customer and the customer of your customer expects a product to be secure. A customer often cannot judge for himself how secure a product is. Here an important role seems to be reserved for the manufacturer of the product to inform the user and by ensuring the product is really secure in addition to complying with laws and regulations. For instance by carrying out regular pen tests or security assessments.
- 2
Added value of the product
Research has shown that customers are willing to pay up to 20% more for the same product if it’s clear that the product in question is safer in terms of cybersecurity. Added value for the customer and added value for you!
- 3
Better future products (secure design)
Start setting up processes now that contribute to security-by-design and the software development lifecycle. In time, this will help you bring new products to market faster and more securely.
- 4
Prevent damage
Complying with laws and regulations is important. But in addition, it’s also important to think about the risks. A product that turns out not to be cybersafe can cause a lot of damage. Besides operational and financial losses, it can also lead to enforcement from the market surveillance authority, potentially taking your product off the market. And all this can cause a negative impact on reputation.
- 5
Look beyond 2025 (NIS 2/ CRA)
Currently, compliance consists mainly of meeting the requirements of the Radio Equipment Directive (RED). But think ahead, because the NIS2 and the Cyber Resilience Act are also going to have an effect within short notice, looking at the risks of the entire eco-system of the product or even your company. But why not already think about the impact of these risks and start working on them?