As 2024 draws to a close, we are already seeing major companies in the physical security industry releasing their market and technology trends forecasts for 2025. Here, Lennart Alexandrie, Publisher at AR Media International AB, looks ahead to what we might expect to see in 2025, with particular emphasis on the trend which perhaps will have the most immediate impact on both the industry and society at large -cyber security.
Cloud usage and AI development have been recurring themes in these forecasts and will likely continue to dominate for years to come. The cloud is also a key driver of the ongoing transformation within the security industry, shifting from traditional product-based business models to service-based ones, as seen in many other sectors.
The trend with perhaps the most immediate impact on both the industry and society at large is cyber security. In recent years, numerous high profile cyber attacks have been reported, causing significant damage to municipalities, public organisations, and private companies worldwide. In a geopolitically unstable world, with attacks orchestrated by hackers linked to state actors, the cyber threat has become increasingly severe.
What makes cyber security such a pressing trend in 2024 is the tightening of security regulations under the European Union’s Network and Information Security Directive, second edition (NIS2). This directive, which must be implemented into national legislation by all EU countries by October 17, 2024, introduces substantial changes.
NIS2 covers systems linked to critical infrastructure and mandates specific measures to strengthen cyber security for networks and connected systems. These new regulations require organisations to adapt their processes to meet the updated standards.
In addition to NIS2, the introduction of the Cyber Resilience Act (CRA) adds further requirements. This EU regulation sets minimum cyber security standards for products with digital elements. CRA stipulates that connected products, such as cameras, must be designed with security in mind, protected against known vulnerabilities, and receive regular security updates.
These regulatory changes mean that installers and integrators in the physical security industry must ensure that the manufacturers they work with comply with CRA requirements and that installations meet NIS2 standards. Ultimately, however, the responsibility falls on the end customer, who must choose the right suppliers and ensure all requirements are met to avoid costly penalties.
Although NIS2 should have been incorporated into national legislation by October 2024, this does not mean companies must be fully compliant immediately. There is still time to make adjustments, but by 2025, full compliance should be achieved. Daniel Hjort, Chief Marketing Officer at IN Groupe and Nexus, has noted that it can take 9 to 15 months for companies already compliant with the original NIS directive to achieve full NIS2 compliance.
This highlights the urgency for organisations to start working towards compliance as soon as possible, especially those aiming to supply security systems for critical infrastructure.
Cyber security will thus be a focal point for many players in the industry, whether they are manufacturers, installers, or integrators. Adapting routines, training staff, and ensuring the quality of deliveries to meet NIS2 requirements will be critical for many businesses. Another challenge will be ensuring that subcontractors of NIS2-compliant providers also fulfill their obligations so that overall compliance is not jeopardised.
NIS2 compliance, primarily aimed at strengthening cyber security, will be a decisive factor in determining which providers can supply systems for critical infrastructure installations. One thing is certain: the hefty penalties awaiting end customers for non-compliance leave no room for mistakes or negligence in procurement processes. Adhering to cyber security requirements is no longer optional – it is a necessity, even in the physical security industry.