IT Security: Economic Sector Demands State to Impose Stricter Regulations

TÜV chairman, Michael Fübi, did not anticipate such a definitive outcome: “Companies have cast a surprisingly strong vote for tougher regulations of IT security in the economic sector.”

Fübi has called for appropriate measures to be taken – by which he means that a minimum standard for IT security should be implemented across all economic sectors and not just for companies who are in charge of operating critical infrastructures, as was previously planned.

The reasons for this unequivocal desire for stricter rules are obvious: for one thing, companies are aware of (and have experience with) a drastic increase in cybercrime; and, on the other hand, it is simply part of the digital transformation. 77 percent of companies surveyed stated that IT security had become increasingly important to them over the past five years.

Yet some companies still underestimate the importance of IT security. When asked about the important of IT security in their company, 14 percent responded that it plays only “a minor role or no role at all”.

The following figures from the study show that this approach could prove to be a grave case of misjudgment: 29 percent of those surveyed admitted that they had an IT security incident in recent years – and 13 percent of those occurred within the last twelve months.

The negative consequences resulting from these incidents come in various forms: 47 percent of those affected suffered financial losses and nearly every third company was temporarily unable to provide its services to customers. 12 percent reported damages to their image.

Only 40 percent of companies surveyed claim to have a designated budget for IT security. In other words, not even every second company has the required monetary means to implement an adequate IT security system. And there is one statistic that is especially alarming: 32 percent stated that they are simply willing to accept “certain risks” as being part of their day-to-day business in the IT sector.

As our work environments are becoming more modernized and digital, the question of IT security is gaining importance. Some specialized fields have long understood this fact, though the true value of an effective IT security solution has not yet reached all top management levels to the full extent. The odd consequence is that, now, almost every other IT manager is yearning for governments to impose stricter regulations. Their hope is that companies will be forced to do what is good for them and finally improve their IT security once regulations are in place.