The Cyber Resilience Act (CRA) is a new regulation that sets forth cybersecurity requirements for many products sold in the European Union. Companies that must comply with the CRA face a significant challenge, as their products may not meet all of the requirements. This article explores the cost of compliance for companies that take a DIY approach versus those that use an automated platform such as i46’s.

The Cost of DIY Compliance

A recent survey undertaken by cyberresilienceact.eu found that the average cost for companies to comply with the CRA using a DIY approach (i.e: by working with an internal team) is expected to reach €193,019.10.

This high cost is due to the fact that many products do not meet the CRA’s requirements out of the box. The most common missing requirements include:

• Security by design: This requirement ensures that security is considered throughout the product development lifecycle, including taking a cautious approach when selecting third-party components to be integrated into the device (software and hardware)
• Strong authentication protocols: These protocols help to prevent unauthorized access to the device.
• Data encryption and secure storage: This requirement ensures that data is protected from unauthorized access, even if the device is compromised.
• Regular security testing and reviews: This requirement helps to identify and address security vulnerabilities before they can be exploited by attackers.
• Policies for vulnerability disclosure and third-party sharing: These policies help to ensure that vulnerabilities are disclosed in a timely manner and that information about vulnerabilities is shared with the appropriate parties.

Addressing these missing requirements can be a time-consuming and expensive process. Companies that take the DIY approach must identify the missing requirements, develop solutions to meet those requirements, test and validate their solutions, and then distribute the update to their devices, including those in operation.

The i46 Advantage

i46 is a platform that helps companies automate the process of adding these missing requirements to their products. This can significantly reduce the cost of compliance, while ensuring that companies do not face the risk of being found non-compliant by the EU authorities for misinterpreting or misunderstanding the Act’s requirements. 

In contrast to the high cost of DIY compliance, companies that use i46 to automate compliance with the CRA can reduce their compliance costs to around €30,000. This is an 85% cost decrease.

i46 works by automating the following tasks:

• Identifying missing requirements: i46 can scan your product and identify any missing CRA requirements.
• Adding missing requirements: i46 can add the missing requirements to your product automatically thanks to a lightweight script deployed on your device.
• Testing and validation: i46 can test and validate your product to ensure that it meets the CRA’s requirements.

The Takeaway

The Cyber Resilience Act presents a significant challenge for companies that must comply. However, companies can significantly reduce their compliance costs by using an automated platform like i46. i46 can help companies identify, add, and test the missing requirements, reducing the time and expense required for compliance.

Join the Discussion:

Chat with i46’s CEO: Erel Rosenberg

Find out more information on the Cyber Resilience Act here

Let us know your thoughts on this article !

😡🤨🙂😍