Cybersecurity as a competitive advantage
Author
Ramón Heberlein
What does cybersecurity have to do with the economic success of your company? Nothing, you think? Well, this view was perhaps still true 10 years ago, but nowadays, these two processes go hand in hand. As the digitalisation of companies continues to increase, so does the risk of becoming a victim of a digital attack. The methods are manifold and yet quite easily explained: Imagine receiving an email from the company management with the order to transfer a certain sum to a foreign account. This forms part of your daily work; so, nice and straightforward. But now it turns out that although the email looked deceptively genuine, it did not come from the company management but from cunning cybercriminals.
Perhaps you are a ward physician at a hospital and discover that you no longer have access to any patient files because cybercriminals smuggled in a Trojan overnight whose code has encrypted the hard drives. You are now required to pay X amount so that you can access your data again. This may sound like something out of a James Bond movie, but unfortunately, this is the harsh reality.
In 2018, about 70 per cent of all German companies were affected by cyberattacks, according to the industry association Bitkom. These are the official figures. The number of unreported cases may even be higher, as it can be assumed that incidents such as these are often concealed from public view so as not to damage the company's reputation. Cybercrime is therefore not an isolated incident. It is often underestimated just how much damage it can cause.
Now the question arises as to what can be done about it. The Federal Office for Information Security (BSI) has set itself the task of making Germany more resistant to cyberattacks. One method of achieving this is the BSI's IT-Grundschutz, which is considered a fundamental building block for information security in Germany. The operators of critical infrastructures such as food, but also water and energy, can secure the supply of services with the BSI's public-private cooperation, the so-called UP KRITIS.
In addition to the BSI, the Federal Financial Supervisory Authority (BaFin) has also made it its task to take action against cyberattacks. Firstly, there is a questionnaire from BaFin to identify weak points in the company. The various chapters of this questionnaire can generally serve as a kind of checklist for analysing the security structure of a company. Included are points such as the responsibility of the management, the identification of general risks, the analysis of vulnerabilities, the identification of current threats, the integration of control mechanisms into the company's security concept, the analysis of various protective measures taken, the monitoring of cyberattacks, the detection of data leaks and the complete recording of one's own data.
Why all this is so important is also evident in the question of liability, because the company itself, which has been the victim of a cyberattack, can sometimes be held liable. It can be held responsible if it has not set up a sustainable compliance management system to prevent such attacks. In some cases, this even directly affects the person in charge of compliance management if, contrary to their duty, they were negligent in taking appropriate measures to prevent such attacks.
The consequences of such negligence are enormous. These can be criminal in nature but can also entail fines or civil liability in terms of damages, for example.
So what does cybersecurity have to do with the economic success of your company? Nowadays, not everything, but a lot. So make sure that you and your company are protected in the best possible way to guarantee continued success because only those who are secure are also competitive.