Boardrooms: cyber security important, but not a competitive advantage
Sophos has published the latest part of its large-scale management study "Boss, how do you feel about cyber security" for Germany, Austria and Switzerland. The figures now published from this year highlight, among other things, how C-level management in the three countries assess the impact of cyber security in their own company on business relationships.
The study is a continuation of a series of surveys from 2022 and was conducted again in the first quarter of this year by the market research institute Ipsos on behalf of Sophos.
All confirm the high relevance of cyber protection for business relationships
When asked how they rate the influence of an efficient cyber security infrastructure on their business relationships with customers and business partners on a scale of one (very important) to six (very unimportant), the vast majority of respondents in all three countries agree: 55% of managers in Germany consider cyber protection to be very important for business relationships, 46% in Austria and as many as 60% in Switzerland emphasize the relevance of implemented cyber security measures. This aspect was rated as important by 28% of German, 34% of Austrian and 32% of Swiss managers. None of the respondents believe that cyber protection is completely unimportant.
Significance high, actual influence low?
The very next question reveals a discrepancy in the bosses' assessment. While, as shown at the beginning, a very clear majority rated the influence of efficient cyber protection on business relationships as at least important, the reality check paints a seemingly different picture. When asked whether cyber protection had actually had an impact on cooperation with customers, just under 35% of German, 34% of Austrian and 40% of Swiss survey participants confirmed positively that they would indeed have lost customers without effective cyber protection. In contrast, the majority of respondents - just under 55% in Germany, 58% in Austria and 48% in Switzerland - said that their own company's cyber measures had not been an issue in their relationships with customers or in the acquisition of new customers. Only in Switzerland does this aspect prove to be more or less balanced.
Only very few companies report actual negative effects. One percent of management companies in Germany state that they have lost customers due to a lack of cyber protection. Two percent of companies in Switzerland and one percent of German companies have also lost new business for the same reason.
No competitive advantage, no communication
There is an even clearer discrepancy in the active communication of the cyber security infrastructure to customers and business partners than in the impact on business relationships. Only a good 29% of German and 24% of Austrian companies actively communicate their cyber protection to customers and business partners. In Switzerland, this figure is significantly higher at 40 percent.
By contrast, almost 66 percent of German, 68 percent of Austrian and 50 percent of Swiss companies do not include this aspect in their communication, arguing that the company's IT security infrastructure does not give them a competitive advantage with customers or business partners.
See and use competitive advantages: Doing the safe thing and talking about it
"First of all, it is a pleasing result that the management levels in companies attach such great importance to cyber security for their business relationships," says Michael Veit, security expert at Sophos. "At the same time, I am convinced that many companies that have an effective, modern cyber security infrastructure in place and do not communicate about it are missing out on opportunities. Those who use networked and intelligent protection technologies, for example, or also use external expertise as part of a cybersecurity as a service model (CSaaS), have implemented key elements of a modern, proactive security strategy. This can be a competitive advantage in view of the intensifying threat situation. In other words: those who are well positioned in terms of cyber security create trust for themselves and all partners. That's something we should talk about."
Source: www.sophos.com