Leading an enterprise means bearing responsibility. Cybersecurity is a key part of that responsibility, and it is drawing attention as new laws and regulations like the EU-wide Cyber Resilience Directive take shape, not to mention the widespread headlines about large-scale cyber attacks. Fines of unprecedented magnitude underscore the urgency for organizations of all sizes to take action. The German Federal Data Protection Act, as outlined by the Federal Office for Information Security (BSI), sets a precedent that holds operators of “critical infrastructure,” providers of “digital services,” and companies deemed to be of special public interest liable for fines up to €20 million. The forthcoming NIS 2.0 directive, which comes into force shortly, will significantly expand the scope of affected companies.
The legal assault on multiple fronts is evident, as demonstrated by the recent survey from Sophos, which interviewed 5,000 global IT professionals specializing in cybersecurity at the start of 2024. According to German data, a staggering 59 percent of surveyed companies fell victim to ransomware attacks, with an alarming 70 percent of those cases resulting in the encryption of sensitive information.
These numbers starkly illustrate that a “business as usual” approach to IT security strategy is no longer acceptable. In risk management, it is crucial for business leaders and manufacturers to recognize that technical measures alone are insufficient. To effectively address today’s cybersecurity risks, human expertise is absolutely essential. These risks include opaque attacks in which hackers covertly access their victims’ data and systems without being noticed. To prevent damage from occurring in the first place, a combination of technical cybersecurity and specialized threat experts is required – a requirement also stipulated by the NIS 2.0 directive. However, these experts are difficult to find and often expensive. As a result, an increasing number of companies are turning to Cybersecurity as a Service, coupled with technical IT security solutions. Significant MDR (Managed Detection and Response) providers step in at this point. They guarantee 24/7 coverage through a workforce of security experts specialized in detecting and eliminating cyber attacks that technological solutions alone cannot prevent.
Awareness of cybersecurity risks and a commitment to implementing optimal security measures protect businesses and organizations of all sizes from cyberattacks, and increasingly also safeguard them against coming into conflict with cybersecurity laws.