The PSA Certified 2023 Security Report analyzes the relationship between security investments and legislation. The report found that three quarters (75%) of businesses report that security has become a bigger business priority in the last 12 months, and they are spending on average 15.3% more in security related areas in 2023 compared to 2022. 

The average spend per company on both continuous security investment and building security into products have both risen by 12%. Spending on external validation is also on the rise, with the spending on third-party lab testing and evaluation rising by 24% and spending on security certification by 14%.

Exploring the reasons behind the increased investment, a significant factor is the desire to align with upcoming regulation worldwide, particularly European Union (EU) legislation, which will have a big impact on businesses both inside and outside the EU. Around half (49%) of those asked globally are monitoring and actively trying to adhere to the EU Cyber Resilience Act, 40% say the same of the EU Radio Equipment Directive (RED) and 39% say the same of the U.K. Product Security and Telecommunication Infrastructure (PSTI).

Regulatory compliance was cited as a top three priority by 75% of respondents. Despite the pain points associated with ensuring compliance, 71% welcome new regulation and 69% are aiming for ‘first mover advantage’ by aligning with regulation ahead of time to gain an edge over competitors. Particularly notable is that 68% think they are already ahead of what’s required.

Almost two-thirds (65%) look for security credentials when buying connected products as a consumer, and they are willing to pay more for it: 69% say they are happy to pay a premium for built-in security.

More than half of those polled say a security certification is useful in proving robustness to customers (53%) — a 21% year-on-year increase. Lack of security specialists (29%) and complexity (25%) were the top barriers cited to implementing stronger security.