© istockphoto.com/Andy

“Companies should expect to fall victim to a serious cyber attack at some point, even if they do take adequate precautions against IT threats.”

An interview with Jana Eiser-Mauthner and Dominik Helble of the Cyber Alliance project group, which was formed by Allianz Industrie 4.0 Baden-Württemberg.

84% of roughly 1,000 companies surveyed by industry association Bitkom said they were victims of data theft, espionage, or sabotage in 2021. The study also found that the level of damage caused by such attacks almost doubled compared to 2018/19. Small and medium-sized companies have also been affected by this trend, for many years either falling victim to large-scale, automated attacks, or becoming caught up in attacks on the supply chains of global corporations. Allianz Industrie 4.0 Baden-Württemberg is a network formed to pool know-how in the fields of production and ICT with partners in industry. It also offers support to industrial SMEs dealing with the move toward connected manufacturing, or Industry 4.0. TRANSFER magazine recently met and interviewed Jana Eiser-Mauthner and Dominik Helble, who both play an active role in the network as members of its Cyber Alliance project team.

Hello Ms. Eiser-Mauthner. What do you think are the biggest cyber threats to companies in Baden-Württemberg? And are companies aware of them?

Jana Eiser-Mauthner:
According to the Allianz 2022 Risk Barometer, cyber threats are the biggest area of concern for companies worldwide. Companies are more worried about the threat of attacks through ransomware, data breaches, or IT outages than they are about business and supply chain disruption, natural disasters, or the coronavirus pandemic.

This situation is not expected to get better in the foreseeable future. In its assessment of the state of IT security in Germany, the Federal Office for Information Security assumes that the methods of extortion in cyberspace will become more prevalent. It described a trend toward so-called big-game hunting – i.e. enterprises with high revenues being blackmailed with encrypted files and data exfiltration. Threats in cyberspace are thus more serious than ever, it said.

In a study conducted by Bitkom, the industry association, it was calculated that cyber attacks and their impacts cause around 203 billion euros of damage to the German economy each year.

Most of this damage is not just caused by things like ransom payments or hush money, but also disruption to business operations, which can sometimes last for weeks or even months.

So bolstering cyber security prophylactically is an absolute must for companies. That said, the current and future level of threat means business leaders can never assume they’ll be 100 percent safe when it comes to cyber security. If anything, they should expect their companies to fall victim to a serious cyber attack at some point, even if they do take adequate precautions against IT threats.

In terms of dealing with complex cyber incidents, both the companies that have been attacked and their employees are often challenged – in qualitative and quantitative terms. On the one hand, the vast majority of companies lack highly specialized personnel such as digital forensic experts or incident responders. They also lack people in numbers, with the basic IT knowledge they need to deal quickly with a crisis – people, for example, who are able to quickly reinstall thousands of IT devices. And then on the other hand, crisis management can be new territory for people in IT; they’re not familiar with the complex demands of a crisis situation, because ideally things have been operating normally for years.

Hello Mr. Helble. The steering committee of Allianz Industrie 4.0 Baden-Württemberg defined cyber security as a key topic for a project group in 2022. Was there a particular reason for specifically forming a “cyber alliance?”

Dominik Helble:
IT providers may be able to help companies with things like responding to a cyber attack, but as we’ve seen in the past, those providers are also limited in capacity terms, so if a large number of cyber attacks happen simultaneously, for example if there’s an attack on an IT supply chain, it’s not possible to provide the required level of support to all of the companies that need help.

Even if cyber security and law enforcement agencies do react and attempt to help, they can’t plug the gap in capacity terms – not for the majority of companies. Either the support offered by the government benefits a limited target group of the critical infrastructure (CRITIS), or initially the incidents that are dealt with are restricted to areas of law enforcement – for legal reasons – but that doesn’t include full business recovery.

Cyber alliances can fill those gaps and play an important role in responding to cyber attacks by making it possible for different organizations to collaborate and share information and resources.

What goals specifically is the Cyber Alliance project group pursuing?

Jana Eiser-Mauthner:
A crucial element of crisis management, especially after a serious cyber attack, can be the support companies offer to other companies in the cyber alliance, especially during phases of detection and response, but also the recovery phase. A cyber alliance can help accelerate the response time to a cyber attack by providing access to a network of experts who are in a position to respond quickly to a threat.

We’ve already had hands-on evidence of the benefit this offers, following a cyber attack in the Esslingen area in 2021, when companies offered support to other companies on an informal basis. Looking back, however, it was clear that fundamental legal and organizational issued must be addressed for mutual support to be sustained and extended.

So in keeping with this, the goal of the project group was to develop guidelines that stand up in legal terms and can be used by local initiatives to establish cyber alliances.

What can companies do in concrete terms to derive benefit from the work of the project group?

Dominik Helble:
To set up and run a cyber alliance you first need to clarify legal and organizational issues. The assessment made by the legal experts in the guidelines – regarding liability, antitrust issues, competition law, and labor law – highlights that it is possible to set up and run cyber alliances in keeping with legal requirements.

The guidelines help with preparation work, planning, setting things up, and the actual running of a cyber alliance in business, and they’re aimed at companies of all sizes and sectors of industry. The idea is to help with practical issues by offering examples of best practice provided by experienced managers in IT security. One chapter has been put aside for a specialist law firm to discuss legal issues. The guidelines also offer practical support in the form of sample agreements and contracts. These can be used between the alliance partners in advance to establish legal certainty.

What status has the project reached now and what are the next steps?

Jana Eiser-Mauthner:
The guidelines for setting up cyber alliances are currently being finalized and will be made available on the Allianz Industrie 4.0 Baden-Württemberg website after the Hannover Messe. The aim is to talk to more people about the topic by organizing different events and encouraging companies to set up the first cyber alliances.


Allianz Industrie 4.0 Baden-Württemberg

Steinbeis is a member of Allianz Industrie 4.0 Baden-Württemberg, a network initiated and supported by the Baden-Württemberg Ministry of Economic Affairs, Labor, and Tourism. The VDMA office in Baden-Württemberg is responsible for coordination of the network. The members of the Cyber Alliance project group formed by Allianz Industrie 4.0 Baden-Württemberg include experts from the ministry itself, from companies, from research institutions, and other intermediary stakeholders from Baden-Württemberg. www.i40-bw.de

Contact

Jana Eiser-Mauthner (interviewee)
Project management, Allianz Industrie 4.0 Baden-Württemberg
Industry 4.0 Alliance Coordination Office, VDMA e. V. Baden-Württemberg (Stuttgart)

Dominik Helble (interviewee)
Head of Cyber Security
Festo SE & Co. KG (Esslingen)

223074-51