Cyber security and data protection and privacy is becoming an increasingly hot topic amongst consumers. From high profile cyber attacks and hacks, to GDPR and awareness of personal permissions, the UK population is becoming ever more savvy about how their data is being used, and by whom.
Our 2021 Consumer survey report – State of the Nation – found that privacy concerns around personal data while watching TV corelated strongly with age. More than a third (36%) of all respondents said they didn’t want their personal data or viewing behaviour accessed or shared at all by or with broadcasters, advertisers and streamers/platforms. However, this rises sharply to 62% in older demographics, while only 16% of 16-25 year olds expressed any concerns.
But, the cybersecurity threat is evolving. IoT devices are increasingly a target for cyber criminals as security by design hasn’t yet been properly established in such a fast-moving and emerging market.
Add to that a changing threat landscape, and new working patterns driven by the pandemic, and lines between consumer home network security and that of employers has become blurred. It means privacy and security in the home is now a critical issue for both users and employers.
The upcoming Product Security and Telecommunications Infrastructure Bill, which had its second reading in Parliament this week, is designed to set minimum requirements of manufacturers to protect consumers using connected devices, laying down a compliance baseline, but the real market opportunity lies in driving best practice in an area that is moving closer to the top of the consumer agenda.
Certification offers proactive manufacturers the opportunity to leverage first mover advantage, parlaying it into a point of differentiation and positioning themselves and their products as the most trusted on the market.
What is SafeShark?
Set up through DCMS funding, SafeShark is a Joint Venture between DTG Testing and Connect Devices, backed by BSI to provide the leading independent certification for new IoT cybersecurity standards. SafeShark certification is designed to secure consumer trust and ‘Protect, Prepare and Enhance’ product, offer and brand position.
What will basic legislative compliance look like?
There are three security requirements for legislative compliance:
- All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting.
- Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner.
- Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online.
These requirements are a subset of a European IoT cyber security standard (ETSI EN 303 645) and associated test specification (ETSI TS 103 701).
Is this enough?
However, these represent a minimum baseline requirement for compliance and on their own are not enough to build trust around a product or brand.
DCMS has said the regulation is the first step on a journey, and it is undoubtedly the rock on which secure IoT can be built – but it is not, by any means, the entire solution. Compliance alone will not represent or demonstrate good practice, but the standard does. So, there is a unique opportunity for first movers to go beyond basic compliance and drive differentiation by forging trust with an ever more security-savvy consumer base. Proactive manufacturers will:
Protect your customers, your business, your investors, your reputation, and your brand position.
Prepare for the legislation and increasing consumer demand before this becomes a business-critical issue.
Enhance your products and brand early on, building a reputation and trust by taking a hard consumer protection stance.
SafeShark’s assessment process will incorporate the requirements in the ETSI test specification that have been classified as ‘Mandatory’. But it takes manufacturers beyond that, turning compliance into a competitive edge and combining accessibility and affordability using its automated Intercept software.
Preparation and protection
The UK Government has said the legislation will adapt over time to remain effective. Additionally, with European requirements also being developed, the SafeShark assessment process will ensure products are prepared for future developments, protecting customers, shareholders, and brand trust.
We are here to support manufacturers, help navigate the legislation, ease the burden of in-house testing and self-certification, and ensure your products demonstrate appropriate security certification.
Going beyond basic compliance, the BSI mark demonstrates a rigorous, objective, and independent verification of a connected device’s security – offering peace of mind to consumers and shareholders, and giving manufacturers a genuine, certified point of differentiation on shelf.
Our proprietary testing platform – Intercept – is the only pass/fail model in this market providing repeatable, objective results. Our UKAS-accredited lab in Central London – the UK’s only comprehensive testing and accreditation centre for digital TV devices and services – incorporates the DTG Testing Zoo, the world’s largest independent collection of connected televisions and devices and our team of dedicated expert technologists.
SafeShark’s best-in-class service ensures the device is subjected to continuous testing, throughout its market life to ensure our certification remains valid. The manufacturer and retailer remain informed and confident in the security credentials ultimately protecting the end consumer.