Commentary by Richard Werner, Business Consultant at Trend Micro
Cyber incidents will remain the biggest business risk worldwide in 2024, according to the latest Allianz Risk Barometer. This includes data breaches, but above all attacks on critical infrastructure or assets and ransomware attacks. According to the survey, business interruptions are in second place in Germany. IT now forms the basis for almost all business processes. In the event of a compromise or disruption, all or many areas of the company are directly affected and business interruptions are quickly the result – which explains their place on the barometer.
The categorisation of cyber risks as the greatest business risk means that risk assessment plays an important role and therefore the responsibility naturally lies with the company management. Not all risks can be avoided. However, the special thing about IT risks is that they change dynamically and therefore need to be weighed up by management frequently and sometimes without warning.
Cybersecurity as a business enabler
Today, no CEO can avoid dealing with cyber risks and assessing their relevance for their own company. This is where the Chief Information Security Officer (CISO) is needed as the most important advisor who, alongside the CEO, has the relevant IT security information. The CISO needs to analyse internal and external IT security information in order to make a well-founded risk assessment. Companies need to know their IT environment and potential vulnerabilities in detail and analyse them in relation to current attack patterns and threats. By identifying and prioritising the greatest individual risks for their company, they can efficiently deploy security resources exactly where they need them most.
A recent study by Trend Micro in collaboration with the Brandenburg Institute for Society and Security (BIGS) emphasises that investment in cybersecurity is far more than a purely defensive measure. It is a significant lever for business growth and customer satisfaction. The study underlines the importance of a holistic and forward-looking approach: cybersecurity is a key element for business success, creates added value for customers and promotes innovative business models. The right cybersecurity strategy will therefore become the business enabler of the future.
Skills shortage as a growing risk
Demographic change, which is particularly characterised by the retirement of the baby boomer generation from the labour market in all sectors, is also reflected in the current Allianz Risk Barometer. Worldwide, the worsening shortage of skilled labour is seen less as a business risk (10th place), whereas in Germany it is ranked fourth. The unemployment rate remains very low in many countries; in Germany, for example, it was 5.7 per cent in 2023, one of the lowest levels in the last 18 years. Companies are looking for employees in almost all sectors. The gaps are particularly large for IT and data experts. According to BITKOM, there were 149,000 vacancies in the IT sector in Germany in December 2023.
AI tools offer relief
There are a number of technological support options to deal with the skills shortage in security teams struggling with the sheer volume, complexity and rapid development of threat data. The use of generative AI tools, such as “Trend Companion”, can help. Such tools, which are easy to use with plain language, reduce the complexity of security notifications and reports, which speeds up security processes.
Extended Detection and Response (XDR) can also add valuable automation capabilities to existing enterprise security systems. AI-supported XDR can increase the overall efficiency of a company’s Security Operations Centre (SOC) and reduce the workload of internal specialists. By utilising the technical possibilities of modern detection and response and maximising the support provided by automation and AI, companies can best protect themselves against the growing threat of cyber attacks.
Ransomware attacks in particular remain a lucrative business model for hackers. Such incidents are often only discovered when it is already too late. This is particularly the case in smaller companies that simply lack the resources for a sophisticated cyber defence strategy. To protect themselves, companies can rely on advice from Managed Security Service Providers (MSSPs) to understand how they can compensate for the lack of specialists and ensure a comprehensive security strategy. This is because hardly any company, regardless of size, is still in a position to tackle the growing security challenges alone.