TÜV Rheinland Blog - Insights from Asia and Africa

TÜV Rheinland: Cybersecurity has become a board-level issue

Posted by TUV Rheinland on Jun 18, 2019 8:00:00 PM
TUV Rheinland

Representative survey in Germany: Four out of ten companies mandate employees to attend training courses



Cybersecurity is increasingly becoming a top priority in German companies. This is one of eight trends identified by TÜV Rheinland in its Cybersecurity Trends 2019 publication. The problem: "For a long time, many companies have regarded cybersecurity not as a business risk, but as an IT problem. The attack with the NotPetya malware in 2017 changed this perspective," explains Wolfgang Kiener, the leading global expert responsible for threat management at TÜV Rheinland.

According to media reports, the cyberattack alone cost Maersk, FedEx and Reckitt Benckiser several hundred million euros. "Since 2017 and the appearance of the malware NotPetya, the management awareness for IT risks has increased considerably. Moreover, this increased management awareness is an urgent need in today’s world", observes Kiener. The consequence: long-term changes in the management of cybersecurity risks in organizations and the question of who is responsible for this problem.



Cybersecurity: Corporate culture for more security

The cybersecurity factor is exerting more and more pressure even on established companies. Whether and to what extent the issue of cyber security is integrated into the decision-making process of a company's management is an indicator of a company's maturity in dealing with cyber risks. "Those who counter this business risk at management level minimize financial risks and possible damage to their image. These are important prerequisites for safe and sustainable growth," says Wolfgang Kiener. For a long time now, this has not only been about possible technical solutions: "Companies not only protect themselves more efficiently with a lived cybersecurity culture, but also act faster and more innovatively," adds Kiener.

Training of employees is crucial

Many companies still find it difficult to see the profitability of investing in cybersecurity. In order to counteract this, TÜV Rheinland's experts believe that cybersecurity must also be seen as an investment in the qualification of employees. A representative survey commissioned by TÜV Rheinland in Germany shows that 41 percent of those surveyed have never received any training on the subject of data protection or data security in their company. Conversely, almost 42 percent of those surveyed stated that it is already mandatory in their company to complete a training course on data protection or data security. If only the IT specialists among the respondents are considered, 60 percent state that such training is obligatory for them. It is striking that a quarter of IT specialists have never taken part in such training.



"Include all employees without exception."

As a rule, a Chief Information Security Officer (CISO) is indispensable in companies with established cybersecurity. The CISO offers expert knowledge and can adapt structures in companies. "Our Cybersecurity Trends 2019 and the results of the survey show that those responsible for data security and data protection need to establish comprehensive structures in companies. The goal: All employees become part of the safety concept - and ideally without any exceptions, regardless of their position or type of employment," concludes Wolfgang Kiener. Comprehensive, regular and compulsory training is part of this. In addition, a comprehensive cybersecurity strategy must be formulated. Based on this, executives can see how much they need to invest in cybersecurity to help their business minimize cybersecurity risks and grow sustainably.

Published for the sixth time

TÜV Rheinland has published the forecasts of its world leading cybersecurity experts for the sixth time in 2019. In addition to the changing perception of cybersecurity risks, cybersecurity trends focus on how strongly cybercrime influences technologies such as Operational Technology (OT) in industry and the Internet of Things (IoT), and why the shortage of skilled workers could become a growing problem.

Detailed information and assessments on the current challenges in the expert study "Cybersecurity Trends 2019" can be found here at TÜV Rheinland.

Topics: cybersecurity, AA19_D01_CST