A successful digitalization strategy of companies needs adequate cybersecurity. From this, it can be deduced that a cybersecurity strategy must be digital and must be based on the business model and digitization. And because the dynamics of digitization are high, the connection between these two subject areas is all the more critical.
In its special evaluation in the context of the corona pandemic, the Federal Criminal Police Office highlighted the acceleration of digital services.
“In the wake of the Corona crisis, society is increasingly turning to the digital world – a perfect breeding ground for cybercriminals.” (BKA, Cybercrime in Times of the Corona Pandemic, September 30, 2020). As a logical consequence of increasing digitalization, you have to be continuously and better prepared for cyber attacks.
This development shows that the approach of linking cybersecurity and digitization is sensible and promising. This will lead cybersecurity out of the expert niche, just as it is becoming increasingly clear that digitization must not be a pure expert topic either. Consistently taking this idea further means that companies need an attitude that understands cybersecurity as part of business and not as a trade-off for business – cybersecurity enables digitization.
Just as digitization is a continuous process, cybersecurity is also a field of activity that companies must continuously develop. There will be no “finished” in either digitization or cybersecurity – they are permanent tasks.
Further connections can be drawn between the requirements for an organization for successful digitization and successful cybersecurity. This creates an intensifying interaction between cybersecurity and digitization.
Aspects Of Digitization
As an example of the requirements of digitization, consider the study by the Institute for the German Economy (IW, digitization and employee-oriented leadership, 2020), which shows three megatrends for digitization:
- Temporal and spatial flexibility of employees
- Automation, computerization, and artificial intelligence
- Change, responsibility, trust in leadership
Changed, more mobile forms of work ensure a greater degree of freedom of action and, as a result, more self-control, but possibly also increasing uncertainty. This, together with advancing technological development, changes areas of competence and tasks. In particular, willingness to change and creativity are required to maintain the innovative strength of companies and to be able to react quickly and appropriately to changing market developments. Innovation comes from trying and from courage, combined with a constructive error culture in which errors are recognized early and corrected.
If these consequences are transferred to the requirements for cybersecurity, it becomes clear that cybersecurity competence is essential for every individual. With the increasing freedom of action, it is necessary to assess possible risks and limits, i.e., to question things critically. Therefore, digitization competence and cybersecurity competence have similar requirements, in which independent action is an important part.
The Changed Role Of Experts
Data’s outstanding role in digitization and society becomes apparent in the federal government’s data strategy. “Data forms the basis of the digital society. Using more data in an innovative, responsible, and public-good-oriented manner can significantly improve coexistence in Germany, Europe, and the world and protect natural resources.” (The Federal Government, Data Strategy of the Federal Government, January 27, 2021)
The area of responsibility of cybersecurity is based on the protection requirements of data and business processes, so a mandate for cybersecurity can be derived from the data strategy.
The role of cybersecurity experts faces changed framework conditions, which also influence their area of responsibility. The challenge is to protect companies as best as possible and to enable the digitization requirements described above. The commonly used term “security awareness” needs to be taken further: what is required is a security culture that makes cybersecurity part of the corporate culture. Cybersecurity experts are faced with the challenge of promoting this and of engaging with the business model themselves. This includes using security technology to create a strong foundation that ensures that work can occur under protected conditions. Where security technology cannot provide cover, companies need to offer employees a framework in which the increasing freedom of action and self-control is protected. Part of that framework is to enable employees, through training, advice, and support, to carry out their respective tasks in the company in a security-conscious and security-competent manner.
Cybersecurity As A Corporate Responsibility
Understanding the task of cybersecurity as an attitude makes it clear that it is a task for the company itself and all employees. Behind these are values with which companies can assume responsibility for the company, employees, customers, and business partners. As a further consequence, cybersecurity is a part of digital corporate responsibility. This is clearly and explicitly emphasized in the Federal Government’s data strategy already cited:
“All actors in the data society have a responsibility to create and promote trust. We want to create a digital future that people can trust. Our goal is that people are protected by legal regulations and technical measures and can act in an informed manner: self-determined and competent, independent and secure.” (The Federal Government, Data Strategy of the Federal Government, January 27, 2021)
This strategic perspective can also be found in the cybersecurity strategy for Germany (Federal Ministry of the Interior, for Building and Home Affairs, draft cybersecurity strategy for Germany 2021, June 2021).
The three guidelines enshrined in it are:
- “Establishing cybersecurity as a joint task for the state, business, science, and society.”
- “Strengthening the digital sovereignty of the state, business, science, and society.”
- “Make digitization secure.”
These guidelines seamlessly complement the data strategy and highlight the social importance of cybersecurity. The cybersecurity strategy shows specific fields of action that can be transferred to the cybersecurity strategy of companies. For companies, critical areas for a digital cybersecurity strategy can be derived from these fields of action, for example, in the following three areas:
- Safe and self-determined action in a digitized environment
- Joint mandate of specialist and technology areas
- Powerful and sustainable cybersecurity architecture
The cybersecurity and digitization requirements described in this article are addressed in these focal points. If companies anchor them in their cybersecurity strategy, successful implementation supports both digitization and business development. Based on the two referenced strategy papers, “data strategy” and “cybersecurity strategy,” the mutual dependence of digitization and cybersecurity becomes abundantly clear; it seems only logical to use these two strategies in combination.
In summary, designing cybersecurity successfully means that it is anchored in the corporate culture and, in particular, is a topic for top management.
- As a topic for all employees, not only – but also – cybersecurity experts.
- As a corporate responsibility, as a business issue, and as a business support function.
- As a permanent task that has to be continuously developed.