"It is not enough to focus solely on the product itself when designing a secure solution. We take a holistic approach where cybersecurity covers not only the device, but also the development and production environment as well as the operational environment in which the product is used," says Rune Hillebo Wiinberg, Head of Cybersecurity at Prevas.

An increasing number of products are being connected to networks, enabling new functionality and value. At the same time, this means that companies across all industries must ensure that their systems are protected against intrusion and cannot be used as an entry point into networks where sensitive information is stored.

New regulatory requirements for connected products

Several new EU regulations are changing how companies need to approach cybersecurity. The Cyber Resilience Act (implemented progressively from 2024) requires connected products to be developed with security as an integrated part of the design, while the NIS2 Directive (in force since 2024) focuses on how organizations manage cybersecurity in a structured way.

"Companies developing products need to address multiple requirements simultaneously and consider the entire ecosystem surrounding the product. For example, a single product may fall under several overlapping cyber-regulation frameworks at the same time, depending on its end use and the regions in which it is deployed," says Rune Hillebo Wiinberg.

The new requirements also present challenges for companies that still deliver products that was developed before cybersecurity became a key consideration.

"These products may still serve their purpose well but were not designed to meet today's security requirements. In such cases, it is necessary to analyze the products to identify and evaluate potential security threats, and to develop a plan for implementing security measures without disrupting existing functionality," says Johan Callmyr, software architect and cybersecurity expert at Prevas.

Security across the product lifecycle

Prevas has extensive experience in cybersecurity for electronic products and connected systems. This expertise spans the entire chain - from strategy and architecture to implementation and management of products in operation.

"Cybersecurity is a continuous effort throughout the entire product lifecycle. Companies need to be able to identify new vulnerabilities, develop mitigation measures and distribute updates to products already in use by customers. This requires both technical solutions and a structured approach," says Johan Callmyr.

Prevas therefore works closely with its customers, supporting both technical development and providing training and advisory services on how to organize cybersecurity efforts.

Growing demand for secure systems

New regulations, increasing connectivity and a more uncertain geopolitical landscape are driving the need for secure products and systems across all industries. In sectors such as industry, healthcare, energy and public services, the requirements for integrating cybersecurity into product development and managing it systematically are increasing.

"Cybersecurity cannot reliably be added afterwards, it must be an inherent part of the development process and the overall product lifecycle management. At the same time, the needs vary depending on the business and the product. That's why we support each customer based on their specific requirements, from strategy and development to updates and lifecycle management," says Rune Hillebo Wiinberg.