Digitalization is everywhere. Many of the firms consider digital presence to be a strategic advantage, and especially SMEs are confronted with this challenge. It is true that digitalization creates competitive advantages for a firm but underlying this very advantage is a sheer requirement of the data protection. According to an estimate, an annual global increase of 3 trillion dollars (2015) to 6 trillion dollars for cybercrime costs is predicted by the year 2021. So, how accurate is the myth of cyber security and vulnerabilities to data theft? How can firms protect their most valuable asset that is their digital data?
In order to emphasize the importance of this growing economic threat, within the scope of our master level course Industrial Organization, a workshop and a guest lecture was organized with the IT security consulting firm called ProSec Networks. The main objective of this session was to introduce students with a new organizational design where vulnerabilities to IT security system can be minimized. According to their survey study, on average, entrepreneurs prioritize cyber security only moderately. This showed that firms acknowledge the need of IT-security but not to its required full extent. Both of our guest speakers, Mr. Tim Schughart (CEO) and Mr. Immanuel Bär (DEO) emphasized that ensuring the security of information is a strategic managerial task. It involves setting goals, creating efficient organizational structures and developing processes to ensure that suitable protective measures can be implemented. They also demonstrated few of the potential vulnerability risks in the current IT-security systems of a firm. While, discussing the recent cyber-attacks, they also brought forward the need of standardized and continuously updated IT- security systems regulated primarily by the government.
This significant and yet not well understood strategic aspect of organizational structure needs our attention. This demonstration of cyber security vulnerability raised awareness of students and they learned how IT-security compliance should be central to their future business models.