News Hub

UK announces ‘world-first’ laws to protect consumers from cyberattacks

Written by Wed 1 May 2024

The UK Government has announced new consumer protections against hacking and cyberattacks as internet-connected smart devices will be required by law to meet minimum-security standards. 

In a world first, manufacturers will be legally required to protect consumers from hackers and cybercriminals from accessing devices with internet or network connectivity.

“Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data, and finances better protected,” said Julia Lopez, UK Minister of State for Media and Data.

The new regulations will prohibit manufacturers from using weak, easily guessed default passwords such as ‘admin’ or ‘12345’. Instead, users will be prompted to change common passwords upon start-up. 

UK Laws Garners Support and Criticism 

The new measures within the Product Security and Telecommunications Infrastructure (PSTI) regime aim to enhance UK cyber defenses and protect both domestic and global economies from malicious interference.

“The use and ownership of consumer products that can connect to the internet or a network is growing rapidly. UK consumers should be able to trust that these products are designed and built with security in mind, protecting them from the increasing cyber threats to connectable devices,” said Graham Russell, CEO of the Office for Product Safety and Standards (OPSS).

Within these measures, manufacturers must disclose contact details, facilitating the reporting and resolution of bugs and issues. Transparency requirements will also compel manufacturers and retailers to inform consumers about the minimum timeframe for receiving critical security updates, enhancing overall security protocols.

These measures will also require manufacturers to disclose how to report security issues swiftly. Consumers and cybersecurity experts are urged to report non-compliant products to the OPSS to combat cybercrime effectively.

Chief Security Officer at SoSafe, Andrew Rose, said these measures are not enough. Rose stated any solution that ignores the human side of cybersecurity is ‘bound to have vulnerabilities’.

“We need to equip people with the knowledge needed to effectively protect themselves and their data … it all comes down to how well people are trained to use technology and how much they have made secure behaviour a routine,” added Rose.

New Laws to Improve UK Resilience Against Cyberattacks

The Government said this move marks a significant step towards improving the UK’s resilience towards cybercrime. The new protections will also help give users confidence in buying and using products, which will also help grow businesses and the economy.  

CTO at RiverSafe, Oseloka Obiora, said it is essential that the UK is made a safer place online in response to the increasing rise of cyberattacks.

“There is no doubt smart devices have become a big part of our day-to-day lives, creating an open door for hackers to gain all kinds of personal information and data,” added Obiora.

Vice President International for Absolute Security, Andy Ward, agreed with this sentiment, stressing the necessity of stricter protections in a ‘world where smart devices are an integral part of our daily lives’.

“Achieving this involves ensuring clear visibility and effective control over networks, and demanding a robust framework to improve network supervision and establish a solid defensive stance,” said Ward.

The Government quoted a Which? study which found a home filled with smart could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.   

“Smart devices have become an important part of our daily lives, improving our connectivity at home and at work; however, we know this dependency also presents an opportunity for cybercriminals,” said Sarah Lyons, Deputy Director for Economy and Society at the National Cyber Security Centre (NCSC).

This initiative aims to improve confidence in product security, aligning with the government’s priority to stimulate economic growth. These laws are part of the £2.6 billion ($3.2 billion) National Cyber Strategy, reinforcing online protection and advancement in the UK.

In April, A UK Government survey found half of UK businesses have reported a cyberattack or security breach within the last 12 months.

Join Tech Show London

12-13 March 2025, ExCeL London

Be a part of the latest tech conversations and discover pioneering innovations.

You won’t want to miss one of the most exciting technology events of the year.

Written by Wed 1 May 2024

Send us a correction Send us a news tip