Statistics show that security problems do exist cross-sector.
Legal requirements explicitly specify protection of personal data
Especially this data like e.g. employee data, salary data, customer data, credit card data, supplier data etc. is the main target of attackers.
Failure to comply with the legal requirements results in considerable fines – up to personal liability of management members.
Personnel consequences on management level
IT security is – according to German law – TOP management responsibility and cannot be delegated.
If this duty of care is neglected personnel consequences may arise as well as holding the management personal liable.
Target‘s CEO and CIO were dismissed following a theft of 100 million customer data sets.
Each company owns information allowing them to be more successful than the competition. Exactly this information has to be protected.
Research results, CRM data, patent application, test results, market evaluation, internal calculations, freshet financial data etc., are examples for data worthy of protection.
The number of competitors‘ targeted espionage attacks increased significantly over the past few years. Isolating the systems containing sensitive data is technically not realizable any more as information is processed cross-system.
Financial losses as results of successful attacks
The results of a successful attack are estimated as 3 Million Euros per incident. These are directly related costs.
Significantly higher is the damage caused by defamation. Customers are unsettled and tend to choose the competitor. The sense of security is a hygiene factor not to be underestimated – especially in the digital world.
If the impression arises that the management is not able to control the subject „security“, personnel consequences are the result. The reason for the incident is of no significance.