Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phil Englert recently highlighted an uncomfortable reality facing healthcare organizations: legacy medical devices remain one of the most significant cybersecurity risks in modern healthcare environments. Unsupported operating systems, limited security capabilities, patching challenges, and increasing cyber threats create a perfect storm for hospitals attempting to balance patient care, operational continuity, and cybersecurity. The challenge is not new, but it is becoming more urgent.

This year marks a pivotal shift in global cybersecurity regulation. Mandatory cyber incident reporting is no longer a recommendation—it is a legal obligation. Across major jurisdictions, regulations such as the EU’s Cyber Resilience Act (CRA), the NIS2 Directive, and the U.S. Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) are introducing strict reporting timelines, expanded scope, and significant penalties for non-compliance.

A global leader in point-of-care ultrasound and medical imaging solutions has transitioned to a dedicated KeyScaler-as-a-Service (KSaaS) environment, marking a significant step forward in its ability to scale securely, optimise performance, and gain deeper operational insight across its connected device ecosystem.

In automotive and manufacturing, digital transformation is no longer a future ambition—it’s operational reality. Connected vehicles, smart factories, and increasingly complex supply chains have introduced a new dependency: trusted device identity and secure key management at scale. And yet, many organisations are still: This gap is no longer just a technical issue—it’s a business risk.

The latest European Commission guidance on the Cyber Resilience Act sends a clear message to manufacturers of connected products: cybersecurity must be designed in from the start, maintained throughout the product lifecycle, and supported by demonstrable processes for risk management, vulnerability handling and ongoing support. For organizations building, deploying and managing connected devices, this is a significant shift. The CRA is not simply another compliance exercise.

RSAC remains the cybersecurity event. It is where the industry gathers to compare notes, pressure-test assumptions, spot the next wave of market change and, just as importantly, build the partnerships that will shape what comes next. This year in San Francisco, that energy was unmistakable. There was real buzz across the city, from the show floor and executive meetings to the side events and industry gatherings that increasingly define RSAC week.

by Darron Antill, CEO Device Authority Across the automotive and wider manufacturing industry, conversations around PKI and key management have moved from technical design discussions to board-level priorities. Regulatory frameworks such as UNECE WP.29, ISO 21434, and the emerging EU Cyber Resilience Act are fundamentally reshaping how OEMs and supply chain partners must think about cryptographic control.

The EU Cyber Resilience Act (CRA) establishes mandatory cybersecurity requirements for most products with digital elements placed on the EU market. It raises the baseline for secure-by-design/default engineering and, critically, makes post-market security support and evidence production a compliance obligation.

Automotive engineering teams are being asked to deliver faster, with less tolerance for failure. Software-defined vehicle programmes, secure OTA rollouts, zonal and service-oriented architectures, and continuous feature delivery are now baseline expectations. In parallel, regulatory pressure is increasing — from WP.29 (R155/R156), ISO/SAE 21434, and the forthcoming EU Cyber Resilience Act — tightening requirements around software integrity, traceability, and lifecycle governance.

As IoT and operational technology environments expand, organisations are discovering that a large portion of their device estate simply cannot be secured using traditional methods. Many devices cannot run agents, cannot be patched regularly, or cannot tolerate downtime. In 2025, this reality is no longer the exception—it is the norm.