Despite all the warnings, cybercrime has long been seen as a pure IT issue rather than a business risk. It took the effects of the NotPetya attack in 2017 to change this view, as several large companies reported high losses. According to reports, the attack cost transport giants Maersk and FedEx, advertising company WPP and household goods company Reckitt Benckiser several hundred million euros – making NotPetya the most expensive cyberattack in history to date.

Obstacle on the way to “Industry 4.0”

Almost overnight, a hypothetical problem turned into a recognized business risk. This realization, coupled with an increased awareness of data protection issues, is leading to a reassessment of cybersecurity management and responsibilities for this task – with top corporate management levels needing to address this challenge. Only by taking an integrated approach to business strategy and cybersecurity strategy can management identify risks at an early stage and make available the necessary resources to ensure rapid, innovative and secure growth of the company.

Cybersecurity risks have been included in a list of issues related to digital transformation and the early stages of data and automation-driven “Industry 4.0”. It is obvious that a lack of IT security is an immense obstacle to successful participation in Industry 4.0 – as can be measured in actual financial losses. So it is not surprising that addressing cybersecurity is now at the top of the to-do list at many management levels. The way in which this issue is integrated into the decision-making process of a company’s management provides insight into the maturity level of a company in dealing with cyberrisks.

Cybersecurity in businesses: a competitive advantage

The frequency of serious attacks makes cybersecurity a factor that exerts enormous pressure even on established, successful and experienced companies. Pursuing an innovative cybersecurity culture enables enterprises not only to protect themselves more effectively, but also to act faster and more flexibly than their competitors. To be successful, companies need to be able to manage change and even use it to their advantage.

A must: the CISO

Companies with established and strong cybersecurity usually cannot do without a Chief Information Security Officer (CISO), who is a member of the executive management and reports to the risk management unit. The CISO plays a key role when it comes to linking business objectives with protection against increasingly complex and unpredictable cybersecurity risks. He has both the necessary technical expertise and management skills to solve potential cyberproblems.

The onus is on management

The view that CEOs and executives should be held personally responsible for cyberattacks is not a new phenomenon. Just think of the consequences of the attacks on US retail chain Target in 2013 and on Sony the following year. After the attack on Equifax in 2017, voices calling for managers to be held personally responsible seem to have grown louder again. This is a sign of the changing culture of accountability because now senior management levels have to explain problems that may have occurred several levels below their position. Executive management increasingly needs to demonstrate that they have made investments and created decision-making structures that enable professionals in the various departments to manage data in a way that mitigates risk and develops appropriate response systems in the event of data breaches or attacks.

Author
Wolfgang Kiener

Head of Center of Excellence

Wolfgang Kiener (M.Sc.) heads up the Center of Excellence for Advanced Threats in the Cybersecurity department of TÜV Rheinland. He is responsible for the strategic service development in threat management and operational technology security (industrial security). With more than 15 years of professional experience in major international corporations such as Siemens, T-Systems, Verizon and CSC, Wolfgang boasts extensive experience in the development of innovative security services taking into account technological and commercial aspects. He holds a number of IT and security certifications such as CISSP, CISM, CCSK, ITIL, ISO 27001 Lead Implementer and GIAC.