The intersection of the Cyber Resilience Act (CRA) and the German product liability law (Produkthaftungsgesetz) creates a pivotal shift in the relationship between companies, their products, and third-party vendors. On one hand, the CRA mandates… Navigating the Dual Dynamics of Cyber Resilience and Vendor Liability
Consumer trust is becoming more important and challenging in the digital age, especially for security vendors. Companies will take more rigorous action in the future if they find out that their trust has been violated by the security vendors, such as switching to alternative solutions, filing lawsuits, or reporting to regulators.
If you went into a house with the key in the door, this is still against the law. In cybersecurity it is only breaking the law if „the attacker circumvented security mechanisms“. Also, while using passwords, the state of technology includes additional security measures that help securing access (besides access security measures such as MFA, salting, biometrics, …).
The UNECE R160 regulation introduces a mandate for installing Event Data Recorders (EDRs) in vehicles, essentially automotive “Black Boxes.” However, it’s crucial to note that security is not a focus within this regulation, as cyber security management and software updates at OEMs are addressed separately under R155/6.
Cyber Risk Management is a complex chess game of specified risks and unpredictable Black Swan events. While we assess and quantify known cyber risks, the challenge lies in acknowledging and preparing for Black Swans. Overfitting our risk strategies to past experiences may blind us to emerging threats. It’s not just about playing the regular moves but also being ready for the surprise checkmate.