Cybersecurity, Resilience and Competitiveness:
Reflections from the Arthur D. Little Executive Technology & IoT Event
Cybersecurity is now the defining resilience challenge for enterprises. Rising attacks and new regulations were front and centre at the Arthur D. Little event — with IoT emerging as a key part of the solution.
Returning from the 10th Executive Technology & IoT Event, organised by Arthur D. Little in Munich, one theme stood out: cybersecurity is a defining resilience challenge for enterprises.
Several presenters, including Grundfos and Fraport, shared that they are experiencing an uptick in cyberattacks targeting critical infrastructure. Some even spoke openly about breaches they had faced. A sobering reminder that the deteriorating global security situation is not abstract — it is translating into heightened risks for businesses.
A Growing Cyber Challenge for Enterprises
The message from Munich was clear: cyberattacks are increasing in both frequency and sophistication. Critical industries, from transport hubs to utilities and industrial manufacturers, are becoming prime targets. European policymakers are responding, including with new cybersecurity regulations impacting IoT such as NIS2, the RED delegated act, and the Cyber Resilience Act. These have just been introduced or will take full effect in the coming years.
This marks a clear shift from previous years’ discussions, from agile innovation and rapid growth to our critical infrastructure being under attack and cybersecurity essential for our future.
Cybersecurity and compliance with cybersecurity regulations for IoT is a team sport.” Cristoff Martin, CMO Telenor IoT
Our View: End-to-End Security Is More Important Than Ever
End-to-end security is no longer optional — it is a prerequisite for resilience. For the entire chain, from device to network to cloud and digital service, every link must be designed and tested to withstand attack.
Enterprises must also prepare for the regulatory dimension. In the EU several new cybersecurity frameworks are being launched requiring companies to prove compliance to be able to access the European markets. This adds complexity — but also creates an opportunity to build trust in the market and demonstrate leadership in protecting customers and data.
Ensuring end-to-end security and compliance with cyber security regulations for IoT is a team sport. IoT solutions have often been developed together with multiple vendors, and security and compliance need to be valid across the full solution. Together the European IoT industry can find ways to innovate together to secure cyber resilience and compliance with regulations.
Key IoT Cybersecurity Regulations in Europe
As highlighted during the event, several European regulations directly impact the resilience of IoT solutions. In brief:
- New regulations for cyber resilience (e.g. Cyber Resilience Act), and existing regulation extended with cybersecurity obligations (e.g. Radio Equipment Directive delegated act).
- Sector-specific rules apply to certain industries and use cases (e.g. Digital Operational Resilience Act for financial services).
- Overall trend: security threats and regulatory requirements are increasing — European industry needs to innovate together to stay resilient, compliant, and competitive.
The table below summarises a selection of the key frameworks.
| Regulation | Scope | Focus | IoT Impact | Applies from |
|---|---|---|---|---|
| EECC (European Electronic Communications Code) | Telecom services (including IoT connectivity) | Consumer rights, security, service continuity | IoT consumer services treated as electronic communications | Dec 2020 |
| NIS2 (Network & Information Security Directive 2) | Critical sectors (energy, transport, health, manufacturing, …) | Cybersecurity and resilience obligations | IoT in critical sectors must meet resilience and supply-chain standards | Oct 2024 |
| DORA (Digital Operational Resilience Act) | Financial sector and their critical ICT providers (cloud, telecom) | ICT risk and resilience obligations | Financial institutions must embed IoT security in risk frameworks and test supply chains | Jan 2025 |
| RED Delegated Act (Radio Equipment Directive add-on) | Radio/IoT equipment | Network security, data protection, fraud prevention | IoT devices (e.g. smart home, wearables) must comply with CE marking | Aug 2025 |
| CRA (Cyber Resilience Act) | All “products with digital elements” (hardware, software, IoT devices) | Secure-by-design, updates, vulnerability handling, CE marking | IoT devices require EU cybersecurity certification (CE mark) before market entry | Dec 2027 |
Note: This list is illustrative, not exhaustive.
How Telenor IoT Supports Cyber Resilience
At Telenor IoT, we believe collaboration is central to building secure and compliant solutions. We support enterprises and other stakeholders in the European IoT industry in several practical ways:
- Designing for security from the start: Taking in requirements on cybersecurity and international connectivity early means avoiding costly redesigns later.
- Testing and validation: Using our test labs to validate solutions under realistic but controllable conditions before costly field testing.
- Pre-certified solutions: Our IoT Complete service offers connectivity hardware integrated with managed connectivity certified according to e.g., EN 18031 cybersecurity standard simplifies compliance and reduces time to market.
- Ongoing monitoring: We continuously monitor all managed connections using proprietary AI-monitoring tools to rapidly detect and address vulnerabilities as quickly as possible.
- Compliant services: Adherence to industry standards and regulations such as ISO 27001 and NIS2.
Together we can innovate and increase the resilience of IoT solutions and efficiently meet evolving cybersecurity regulatory obligations.
Longer-Term Opportunity: Building Customer Confidence
While today’s environment is challenging, there is also opportunity. Companies that invest in security and compliance now will be better positioned to build customer trust — in Europe and globally.
Enterprises that can demonstrate both resilience and compliance will not only reduce risk but also create a competitive advantage in Europe and beyond. In this sense, cyber resilience becomes more than a defensive strategy; it becomes a driver of growth and confidence.
Done right, the European IoT industry can come out more resilient and bring innovation and differentiation globally.
Conclusion: IoT Cyber Resilience Is Possible
The Arthur D. Little event made one thing clear: security and regulation are becoming increasingly challenging, but IoT cyber resilience is achievable. It will require innovation across the ecosystem and collaboration between enterprises, providers, and regulators.
For leaders, the takeaway is simple: security is no longer a technical issue alone. It is a strategic concern — and an opportunity. Those who address it proactively will earn trust, strengthen resilience, and position themselves to succeed in an uncertain world.
We must treat security as a shared responsibility and opportunity across the IoT ecosystem.
A Perspective from Our CMO
Dr. Cristoff Martin
CMO, Telenor IoT
Cristoff Martin leads Telenor IoT’s marketing and strategy activities, including IoT Complete. His first IoT experience dates back to 2003, when he researched connected vehicles over satellite. Since then, he has held senior roles in telecom and high tech, and since 2017 has served as CMO of Telenor Connexion, Telenor Group’s international IoT company.
Get a Free Consultation
