News From the Wire


Final push for Cyber Resilience Act — nearly 2/3 of companies still unaware

Thursday, September 04, 2025 — 16:33:16 (UTC)

Düsseldorf, September 4, 2025 — The "IoT & OT Cybersecurity Report 2025," published by ONEKEY, a Düsseldorf-based cybersecurity company, concludes that the German economy is not prioritizing the EU Cyber Resilience Act (CRA). The CRA imposes obligations on manufacturers, importers, and distributors of networked devices, machines, and systems.

"In fall 2026, in about a year's time, the reporting requirements set out in the CRA will take full effect," explained ONEKEY CEO Jan Wendenburg. "A year later, all other obligations will follow. So now we're entering the final stretch. The report shows that there is currently too little evidence of this in the economy."

For the report, 300 German industrial companies were surveyed about their status and plans regarding the security of industrial control systems (operational technology, or OT) and Internet of Things (IoT) devices, which are at the core of the EU Cybersecurity Regulation. The report is available for download on the ONEKEY website: www.onekey.com/resource/iot-ot-cybersecurity-report-2025.

The survey shows that fewer than one in three companies (32%) are fully familiar with the EU Cyber Resilience Act requirements, while another 36% have at least begun to review them. More than a quarter (27%), however, have not engaged with the topic at all. This is reflected in the slow pace of implementation: only 14% of respondents have taken extensive measures to ensure compliance for their connected devices, machines, and systems. At least 38% have initiated first steps, while an equal share has yet to take any action, according to the “IoT & OT Cybersecurity Report 2025.”

The CRA Imposes Comprehensive Obligations

Considering the extensive requirements of the EU Cyber Resilience Act, the ONEKEY report describes these obligations as "astonishing." Manufacturers must develop secure products from the outset (security by design) and ensure CRA compliance throughout their products' life cycles. This includes protection against unauthorized access, protection of data integrity and confidentiality, and ensuring the availability of functions. Additionally, manufacturers must report actively exploited vulnerabilities and serious incidents that compromise the security of their products to the European Cybersecurity Authority (ENISA) and the relevant national Computer Security Incident Response Team (CSIRT) within 24 hours.

Providers are required to deliver regular security updates to address known vulnerabilities and safeguard their products. They must also supply comprehensive documentation for all products — including a Software Bill of Materials (SBOM) — to ensure full transparency and traceability of components. As Jan Wendenburg emphasized: “It is not enough to simply meet these requirements; compliance with the CRA must also be documented and demonstrably proven.”

Challenges in Operational Practice

To better understand the challenges companies face with the Cyber Resilience Act, ONEKEY asked respondents to identify the areas they consider most demanding. Multiple responses were allowed. According to the survey, 37% of companies view the requirement to report security-related incidents within 24 hours as the top challenge. Close behind, 35% cite meeting the “secure by design” and “secure by default” criteria. For 29%, the creation of a Software Bill of Materials (SBOM) poses the greatest difficulty, while a similar share highlights ongoing software vulnerability management as a major concern.

Jan Wendenburg from ONEKEY explained the background: "Many manufacturers of digital devices, machines, and systems have focused primarily on the functionality of their products, paying less attention to their vulnerability to cyberattacks. The Cyber Resilience Act now requires them to treat both aspects as equally important. Some companies are still finding this dual focus challenging." He points out that the new EU regulation covers an "extremely wide range of products." This includes digital toys, smart home devices, payment terminals, charging stations, IP cameras, medical devices, building automation systems, industrial controls, CNC machines, industrial robots, and production facilities with remote maintenance capabilities.

Change in Mindset Among Executives

Jan Wendenburg said, "In many of these market segments, cybersecurity has primarily been about protecting one's own company against attacks rather than protecting products against cyberattacks." He acknowledges that a change in mindset among executives has begun, but he notes that it will naturally take time. At the same time, he emphasizes the far-reaching consequences if companies do not prioritize the Cyber Resilience Act (CRA). "Networked devices, machines, and systems that do not meet CRA requirements will no longer be permitted for sale or operation in the EU. Given development times of two to three years, it is imperative to act with the utmost urgency."

Violations of the EU regulation may result in fines of up to €15 million or 2.5% of a company's annual global turnover, whichever is greater. Additionally, the board of directors, management, and/or other responsible parties may face personal liability.

The Security Situation Is Alarming, Yet OT Is Being Neglected

In order to protect themselves and their customers from the growing threat of cybercrime and to comply with regulatory requirements, companies must adhere to the CRA. The Federal Office for Information Security (BSI) and the Federal Criminal Police Office (BKA) anticipate that the threat will continue to escalate in the coming years. In 2024 alone, cybercrime caused an estimated €178.6 billion in total damage in Germany, marking a €30.4 billion increase from the previous year.

Jan Wendenburg said, "Many companies focus on protecting computer systems and networks, but industrial control systems in machines and plants often receive too little attention when it comes to security issues." However, given the digital transformation of industrial processes, cyber threats on the shop floor are steadily increasing. Therefore, factories and logistics centers must apply the same high security standards as data centers.

ONEKEY has developed a platform for companies that supports core Internet of Things (IoT) and operational technology (OT) cybersecurity functions, including vulnerability detection, software bill of materials (SBOM) validation, and regulatory compliance.

ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of the automated ONEKEY Product Cybersecurity & Compliance Platform (OCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes - without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. "Digital Cyber Twins" enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the EU Cyber Resilience Act (CRA) and requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform (OCP) and ONEKEY Cybersecurity Experts.

Further information: ONEKEY GmbH, Sara Fortmann, Email: sara.fortmann@onekey.com, Kaiserswerther Straße 45, 40477 Düsseldorf, Germany, Web: www.onekey.com

PR Agency: euromarcom public relations GmbH, Mühlhohle 2, 65205 Wiesbaden, Germany, Email: team@euromarcom.de, Web: www.euromarcom.de

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.

Source: Company press release.

Categories: Reports and research
