European IoT Manufacturers Lag in Vulnerability Disclosure
Research Firm CEO Says IoT Makers Treat Cybersecurity as Somebody Else's Problem
European internet of things vendors lag behind other countries in adopting vulnerability disclosure programs, a study finds.
A report by British mobile and IoT security research firm Copper Horse* shows that only 27% of the 332 IoT companies across the globe reviewed for the study have a dedicated vulnerability disclosure policy. Of these, IoT vendors from Europe fare the worst in vulnerability disclosure adoption in comparison to Asian and North American companies.
The percentage of Asian and North American companies that have a dedicated vulnerability disclosure plan is 37% and 33%, respectively, while only 14% of the European vendors - 76 were surveyed - have similar policies in place, according to the study.
The European Commission in September proposed legislation known as the Cyber Resilience Act that would make vulnerability disclosure policies mandatory.
Copper Horse CEO David Rogers says manufacturers don't think cybersecurity is their problem.
"It is astonishing to me that even with the writing on the wall - potentially massive fines ahead of them - they're still doing nothing," Rogers tells Information Security Media Group. "To me, it entirely justifies the government interventions we're seeing across the world. These companies are collectively putting society at very serious risk."
*Correction Jan. 26, 2023 21:13 UTC: Fixes name of Copper Horse, which we earlier misspelled.