The EU resilience act that's shifting the cyber security market.

What is the Cyber Resilience Act?

In December 2023, the EU policy makers passed the latest Cyber Reselience Act Agreement. In simple terms, the Cyber Resiliency Act passed in December is a big checklist that all manufacturers of Smart devices must adhere to. Devices such as TVs, mobile phones, tablets, baby monitors, and military devices must now pass the terms of the new Act.

The overall goal is to make these devices less susceptible to hacking and cyber-attacks and make smart products that are. 

• Are less buggy
• Updated for everyone in terms of their software
• Transparent about their security features.

However…

• The act could be bad news for open-source developers, as IT will likely cause red tape between independently developed software and smart devices.

It’s a huge shift in consumer technology and for cyber professionals working on smart device protocols. Here’s how it will affect you if you’re working in Cyber.

For Cybersecurity Professionals:

• Increased Demand: The Act will boost the need for qualified cybersecurity professionals across the EU, creating a more competitive job market with potentially higher salaries.
  
• Shifting Skills: The focus will move towards expertise in product security, vulnerability management, and compliance with the Act's new regulations.
  
• Certification Advantage: Certifications aligned with the Act's requirements could become essential for landing top cybersecurity roles.
  
• Evolving Landscape: Stay up-to-date on the Act's ongoing development and adaptations to remain competitive in the changing Market.
  
• Opportunity for Specialization: Deepen your expertise in specific areas impacted by the Act, like secure coding or supply chain security, to stand out from the crowd.

For Tech Companies Hiring Cybersecurity Professionals:

• Talent Pool Expansion: Thanks to the Act's harmonized standards, accessing a wider pool of qualified cybersecurity professionals across the EU is a sensible step.
  
  
• New Compliance Requirements: Adapt your recruitment process to identify candidates knowledgeable about the Act's regulations and compliance procedures.
  
  
• Emphasis on Product Security: Prioritize hiring professionals with expertise in designing and building secure products that meet the Act's standards.
  
  
• Invest in Training: Provide training for existing staff on the Act's implications to ensure your company's products and processes are compliant.
  
  
• Attract Top Talent: Highlight your commitment to cybersecurity best practices and compliance with the Act to attract skilled professionals.

 

How the Market is likely to be affected in 2024

Specialization in Compliance and Legislation: Recruiters like myself should consider sourcing candidates with a deep understanding of cybersecurity legislation and compliance this year, as companies will need experts to navigate and implement the requirements of the Cyber Resilience Act.

Emphasis on Supply Chain Security: With the Act prioritizing supply chain protection, recruiters should look for candidates with experience securing critical products like routers and antiviruses. Meaning supply chain executives could be required to hire more workers specializing in supply chain cybersecurity.

Expertise in Open Source Security: Given the agreements on open-source software, recruiters should seek candidates with expertise in open-source security, especially those who understand the specific rules for software stewards and documentation.

National Security and Defense Specialization: Candidates with a background in national security and defense may find increased opportunities, as products developed or modified exclusively for these purposes are exempt from the regulation.

Understanding of Secondary Legislation: Recruiters should prioritize candidates with a solid understanding of EU legislative processes, especially those familiar with delegated and implementing acts, as these will play a crucial role in shaping the details of the Cyber Resilience Act.

Adaptability to Changing Regulatory Landscape: Tech recruiters should prioritize candidates who are adaptable and willing to stay updated on evolving cybersecurity regulations. The ability to navigate and understand the implications of regulatory changes will be a valuable skill in this dynamic landscape.

Overall, the Cyber Resilience Act passed in late 2023 presents an evolving and challenging landscape for tech recruiters. Still, it also opens new avenues for professionals with the right skill set and expertise.

Are you a candidate looking for a new role in cyber or hiring workers who can implement the new acts regulations? 

Check our job board for the latest cyber security jobs or to tell me about a role you're hiring for.