With the increasing complexity of corporate information networks and the growing number of security threats, cyber security is becoming more and more important, and corporate management sees it as a strategic priority, as the recently published Horváth study “Adaptive IT 5.0” clearly shows. For the study, 350 companies were surveyed, for the fifth year in a row, on the interlocking of business with the IT organization, the role of the CIO and the CISO, and the resulting fields of action in the area of digital security within the next three years.
- Cyber security has been recognized as a trend – there are still problems when it comes to implementation
- Companies are working flat out on cyber security strategy and control
- The role of the CISO is becoming more strategic and meaningful
- Professionalization of operational cyber risk management is essential
- Cyber resilience as a prerequisite for sustainable corporate success
Cyber security has been recognized as a trend – there are still problems when it comes to implementation
Although IT and cyber security are very high on the management agenda, only half of the companies have implemented the necessary measures, as the study shows. However, 90 percent of those surveyed recognize the need to catch up and are planning massive investments in this area.
Companies are working flat out on cyber security strategy and control
Fields of action in IT and cyber security today and in three years. (Image: Horváth)
While currently less than 60 percent of the companies surveyed have integrated the topic of information security as a central component of their corporate strategy, more than 90 percent plan to implement this in the next three years and to define a closely linked IT security strategy derived from it. The study also shows that just over half (55 percent) of the companies have implemented a systematic information security management system (ISMS).
The role of the CISO is becoming more strategic and meaningful
The role of the Chief Information Security Officer (CISO) is already firmly established in the majority of companies. However, more than 90 percent assume that this role will continue to gain in importance in the future. CISOs are primarily responsible for information security and protection against cybercrime, and their scope of tasks is becoming larger, more complex and more strategic. Compared to today (48 percent), they will therefore increasingly report directly to management (+33 percent) in the future.
Professionalization of operational cyber risk management is essential
It is not only the CISO role that is growing in importance. The companies surveyed for the study also recognize the need to professionalize operational cyber risk management.
Around 90 percent want to carry out a systematic cyber security threat analysis in the future, compared to 57 percent today, in order to prepare optimally for possible dangers. This also includes operating a professional Security Operation Center (SOC) for the identification, analysis and handling of IT security incidents. Although less than half of the respondents have an SOC today, almost 90 percent want to introduce one in the next three years. Following on from this, only around two-thirds (62 percent) have now defined the necessary measures and emergency plans for IT security incidents. However, over 90 percent of companies want to massively increase their ability to react in order to be armed against the possible dangers in a digital business world.
Cyber resilience as a prerequisite for sustainable corporate success
The Horváth study “Adaptive IT 5.0” shows that IT and cyber security are a top issue for companies. Driven by digital transformation, geopolitical crises and trends such as cloud computing, there is an enormous need for investment in IT and cyber security. In addition to organizational issues, a comprehensive IT security strategy, including the derivation of threat scenarios, and consistent operational cyber risk management must be established and professionalized. The creation of cyber resilience is becoming a basic requirement for sustainable corporate success.
As of 10/30/2020