The current Cyber Security Survey of the Federal Office for Information Security (BSI) should alert every CISO in Germany: Almost half of all large companies in Germany (43 %) reported security incidents in 2018. In the case of small and medium-sized enterprises, more than one in four (26 %) was affected. The trend has been emerging for years: data protection for sensitive company information is no longer optional, but essential for survival.

76% of the study’s participants already assess the risks posed by cybercrime as a relevant threat to the daily operations of their company. 88 % of the respondents expect that the threat situation will only intensify as a result of the advancing digitalization and adoption of cloud infrastructures. In this context, it is shocking to note that only 29 % of the institutions surveyed see data security as a competitive advantage. Only half of those surveyed are treating data security as a top-level management issue.

It has to be clearly said: anyone who has not yet grasped the risk data loss poses for a company and the importance of data security, anyone who has been putting off the subject in hope that there won't be a big bang, is playing with fire. And whether as a manager or an employee who is simply involved in data processing, they risk considerable legal consequences. What has been apparent for years has become clear again and again since January: data security is now a priority topic for companies. The BSI currently only recommends cloud use with data encryption according to its Basic Protection Compendium and central industry associations such as TeleTrust define data encryption in the cloud as current state of the art.

To those 71% who do not currently see data security as an advantage, it should be said that anyone who dreams of slimming down their infrastructure with cloud applications and working with 21st century IT has to also think about encryption. After all, anyone who has their data stored and processed on decentralized third-party servers must constantly ask themselves: Who has access to my data? Encryption gives a company the keys to its own data - and nobody else; no matter where the information is processed.

Anyone who refuses to accept this development risks the loss of personal data for their company in a best-case scenario, which carries with it the risk of severe fines that could quickly cause financial problems even for medium-sized companies. In a worst-case scenario, company and product secrets could leak to market competitors and help them undermine a company’s USPs.

If customer data is affected, penalties and trouble with supervisory authorities are compounded by severe damage to one’s reputation, which can hardly be compensated for with PR. The average user is increasingly interested in who can access their personal data - and who is willing to give their information to a company with a history of bad security?

Regarding the latest BSI study, every security officer in Germany should ask themselves the questions: What happens if my company is one of the numerous victims of data theft and security incidents that will happen this year? And what will I answer when asked how this could have happened? Will I be able to say with a clear conscience that I have used encryption to ensure that sensitive data can only be read by authorized users? Because the trend is clear: the question is not whether there will be a security incident in your company - but only when.