78 percent of decision-makers for digital security in Germany consider a change in cybersecurity strategy to be essential. This equates to an increase of eight percentage points over the previous year. The view of 80 percent of decision-makers is that traditional IT security is no longer in a position to protect companies. These are the findings of Command Control Cybersecurity Index 2020*, for which 300 decision-makers were surveyed on behalf of the new Cybersecurity Summit Command Control (March 3–4, 2020 in Munich).
In the past the security strategy of most companies was designed to ensure that the IT technology of their own company was completely watertight to attacks. However, it has now been recognized that total security in the age of networked internet, cloud and industry 4.0 applications is not possible. Therefore, 80 percent of decision-makers are of the view that attacks cannot be totally prevented and that as a result one hundred percent cybersecurity does not exist. In future they want to realign the focus of their security strategy on keeping the consequences of attacks or incidents as low as possible. It is therefore a question of resilience.
Although most companies have already implemented appropriate individual measures such as action plans for an emergency (86 percent), special crisis communication measures (87 percent) or the standardized test of new technologies for cybersecurity risks (88 percent), there is still a big demand backlog for robust resilience. For example, less than one in every five respondents viewed their own company as being in an excellent position to handle the most serious data losses without any problem or to be able to maintain uninterrupted business operations in the event of a serious incident. Often the companies themselves stand in their own way. Almost 60 percent of decision-makers are of the opinion that company structures make cybersecurity more difficult.
There is a widespread willingness to take specific measures: 83 percent of companies want to invest in cybersecurity and digital security in the next few years. For about 60 percent the need to invest is urgent. In these situations, companies are not only considering expanding or modernizing of their technical infrastructure (79 percent), but also their workforce. For example, 86 percent of companies are of the view that they require more specialists to meet the security challenges of the future.
“Exchanges with international cyber and risk visionaries, along with networking with digital decision-makers from other companies, are some of the most important actions to be taken when it comes to driving forward the remodeling of traditional IT security into resilient cybersecurity,” says Katharina Keupp, Project Manager of Command Control. Oxford Professor Viktor Mayer-Schönberger will explore this strategy change in detail at Command Control 2020. In his keynote address entitled “Rethinking cybersecurity—cyber-resilience requires a new mindset” he urgently demands more resilient cyber defense structures. His current research project on individual cybersecurity behaviors has revealed important findings on this issue.
Command Control is an international cross-sector summit on the issue of cybersecurity established by Messe München in 2018. The event is targeted at all decision-makers who are involved in the digital transformation of a company and also offers numerous training and networking opportunities. For instance, best-practice workshops, peer-to-peer sessions, panel discussions and keynote addresses from leading experts from business, academia and politics will share the expertise required for managing the secure digital transformation of a company. The next Command Control summit will be held at the ICM – Internationales Congress Center München from March 3–4, 2020.