Strengthening the cyber security of consumer devices

29.12.2025
Alternate Text

jkcDesign/Shutterstock.com

The world is swimming in connected devices. Of the estimated 18.8 connected Internet of Things (IoT) around the world, over half of them are for consumers, with over 1 billion smart phones alone produced each year. And the number is growing. From smart watches to doorbell cameras, the demand for consumer IoT devices has never been higher, and around 672 million households are expected to use smart home devices by 2027. 

IoT devices are notoriously attractive to cyber criminals because they are often not adequately secured and provide an entry point into wider networks. The rise of ‘fast tech’, with more and more cheaply made devices on the market, fuelled by technical obsolescence and a growing demand for new products, is only making things worse.

Low-cost devices often lack advanced security features such as threat detection or antivirus software and are exposed to vulnerabilities via their components all along the supply chain.

Cybersecurity labelling schemes are a powerful way of improving cyber resilience, providing information on the resilience of labelled products to common cybersecurity attacks. A number of countries, such as Singapore and Germany, have established their own schemes, yet individual schemes are often aimed at specific markets, making it difficult to compare across products internationally.

What is needed is an internationally aligned cybersecurity labelling framework to enable guidance for new schemes, as well as mutual recognition of schemes to enable the interoperability of products.

The recently published international standard ISO/IEC 27404 provides such a framework. By specifying the requirements for cybersecurity labelling it aims to make such provisions transparent to consumers, thereby increasing awareness of cybersecurity risks and enabling more informed choices. In this way it encourages manufacturers to install more robust cybersecurity features and improve product quality.

Being international, it can foster cross-border recognition of cybersecurity testing, which not only reduces the cost of compliance but facilitates more manufacturers to partake in a labelling scheme.

Source: IEC.