Why should we get involved?
Corporate responsibility is an increasingly important competitive advantage. The Cybersecurity Label is a simple way to communicate responsibility and show that information security has been considered in the design of a product or service. The label also shows consumers that a company, which has applied for the label for its products, is investing in long-term development and the secure handling of its customers’ information security data.
Research on consumer views on cybersecurity:
Information security interests consumers
Taking care of information security is important: according to a consumer survey commissioned by the Finnish Transport and Communications Agency Traficom, approximately 80% of Finnish consumers say they examine information security features when buying a smart device, and three out of four are aware of malware in domestic smart devices. According to the study, approximately 80% of consumers in Finland would be influenced by a well-known and reliable information security label.
Competitive advantage and brand value
According to the same study, three quarters of consumers would be willing to pay more for a product or service if they knew it was secure. Taking care of users’ information security is considered valuable from both consumers’ and investors’ perspectives.
Become an international pioneer
It is expected that information security requirements will be imposed on smart devices by European standardisation and regulation. By complying with the requirements of the Cybersecurity Label, a company has already taken a leap towards future requirements and set an example for others as a pioneer.
The EU Cybersecurity Act entered into force in June 2019. One of the Act’s aims is to provide for procedures under which ICT goods could be certified on an EU-wide basis as proof of a product’s information security. The certificate would show that the product met certain requirements related to the availability, authenticity, integrity and confidentiality of data, functionality and service. The certificate would be mutually recognised in all member states, and manufacturers or service providers would not need to obtain several national certificates for their products. However, this work remains ongoing, and its timeframe is open.
Applying for the Cybersecurity Label is voluntary. The Cybersecurity Label is not regulated by law, but a standard for smart devices intended for consumer use has been published. The requirements of the Cybersecurity Label are based on this ETSI EN 303 645 standard. Traficom has been actively involved in the development of European standards to avoid the development of divergent requirements on the market. The Cybersecurity Label is based strongly on the European development path and consistency with future obligations.
Read more about applying for the Label here.