Companies in the 21st century face the great challenge of advancing digitization. This means increasing efficiency, reducing costs and deploying new, innovative IT products and services that also enhance cyber security.

Various studies and statistics show a clear tendency: crime is increasingly shifting to the Internet. In Austria alone, the authorities recorded a 27.5% increase in Internet-based crimes between 2018 and 2019. According to the IT-trend-study 2020 by Capgemini, almost 63% of companies in German-speaking countries now intend to increase their IT spending, compared to around 44% in the previous year.

Cyber security comes into play in this tension between the necessity for digital transformation and existence-threatening cyber-attacks. Pursuing a sustainable security strategy is almost indispensable for companies. From the entrepreneurial point of view, cyber security is now at least as important as fire protection, which companies usually understand. For companies, fire protection is primarily a personal safety issue with official regulations that must be observed. Cyber security, on the other hand, is (only) a data protection issue from the point of view of the authorities, and this is probably the biggest difference in how companies perceive the two when it comes to their willingness to invest in security.

Identify weak points

The fire hazard is evaluated through site inspections and tests of the fire protection equipment by experts in order to uncover weak points and identify potential for improvement. The same approach is used to manage cyber threats.
The cyber-risk potential of the entire company is recorded and evaluated within the scope of a risk assessment that considers both organizational aspects (e.g. security policy, employee training) and technical aspects (e.g. design of the server landscape, firewalls). This is usually done based on relevant standards such as ISO 27001 or the COBIT basic protection.

A welcome further step is, for example, a penetration test. Here the digital “fire protection gates” of a company are tested under strict security regulations, or a “fictitious digital fire” is set to see how IT security reacts in an emergency.

Companies also hold regular fire drills to train employees for emergencies. In the event of a cyber-attack, unqualified employees are the greatest weakness, while trained employees are the greatest strength when it comes to averting or mitigating cyber damage. Regular cyber awareness training ensures that cyber dangers are recognized in time and that the right measures are taken in an emergency.

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60