Cyber Security: The Achilles Heel of Digital Transformation

As a result of the increasing digitalisation of the economy, cyber security is becoming more and more important. That is, at least according to 90 per cent of companies based in Baden-Württemberg. The majority of these companies also believe that the importance of cyber security is only going to grow over the coming years. The biggest cyber threat as perceived by firms is the intentional manipulation of their IT infrastructure and data by outsiders. This is the main finding of the newly released Monitoring Report DIGITAL Economy Baden-Württemberg compiled by the Centre for European Economic Research (ZEW), Mannheim, in cooperation with Kantar TNS on behalf of the Ministry of Economic Affairs, Labour and Housing in Baden-Württemberg.

“The digital networking and increasing exchange of data currently taking place in many firms is making their IT systems vulnerable to attack. Cyber security is therefore the Achilles heel of digital transformation,” says Professor Irene Bertschek, head of the ZEW Research Department “Digital Economy”. According to the newly released study, 90 per cent of firms in Baden-Württemberg recognise the critical importance of cyber security, with 71 per cent seeing it as either “extremely important” or “very important” and a further 19 per cent seeing it as “important”. And the significance of cyber security is only going to increase up until the year 2022.

Cyber security is particularly valued by financial and insurance service providers, which is to be expected given that these companies process highly sensitive personal data that is in particular need of protection.

Increased digitalisation brings growing risks, particularly of cyber-attacks

Companies with a digital infrastructure such as computer networks are vulnerable to cyber-attacks, that is, targeted attacks on their digital infrastructure from outside. These attacks can paralyse computer networks or destroy customer and employee data. The intentional manipulation of IT infrastructure and data by outsiders was perceived by companies as the most significant risk associated with cyber security, closely followed by increasingly complex IT systems, which often make it difficult to identify potential security flaws and fix vulnerabilities in the system as soon as they appear. At least two thirds of the firms surveyed view security flaws in hardware and software as well as the increasing exchange of data as cyber security risks.

Almost a quarter of companies already spend more than five per cent of their IT budget on cyber security

This increasing awareness of cyber security risks has led many companies to take action. Almost a quarter of companies already spend more than five per cent of their IT budget on cyber security, while almost all of the surveyed companies in Baden-Württemberg rely on password-protected systems as a security measure. 60 per cent of companies also encrypt their data and just as many regularly check their logfiles for cyber-attacks. Encrypted email communication is used in 59 per cent of the companies surveyed. Half of all firms are already providing their management staff with cyber security training and 40 per cent do this for other employees as well.  Meanwhile, 38 per cent of the firms agreed that IT staff need to be given regular training to keep up-to-date with new developments and have already implemented such training.

“In order to ensure the security of their IT systems, firms must be willing to constantly engage with the issue. As technologies continue to develop, so too must firms’ security frameworks and measures. This requires considerable effort but is essential for ensuring the continued success of digital transformation,” says Irene Bertschek.

According to the study, 87 per cent of firms in Baden-Württemberg would like to see the state government do more to promote research into cyber security. Meanwhile, 81 per cent of firms would like to be better informed on issues related to cyber security and 78 per cent would welcome state financial support for cyber security training initiatives.

For more information please contact

Prof. Dr. Irene Bertschek, Phone +49 (0)621/1235-178, E-Mail irene.bertschek@zew.de