2021 / Awareness / Risk management

Budget in IT security!

Every company has a budget that is dedicated to IT. Consequently, some of that should go toward maintaining the company’s cybersecurity. This can take on very different dimensions.

A budget for IT security!

A company has different budgets for different areas, and every company has a budget earmarked for IT security. Mostly, this amount comes out of the expenses budgeted for the company's general IT. A survey by the German Federal Office for Information Security (BSI) says that more than half of companies spend less than 10% of the budget earmarked for IT on cyber security. However, the BSI recommends investing up to 20% of the IT expenditure in the security of the company; otherwise it is usually not enough.

Such a budget can be invested in various things. On the one hand, there is the option of having a penetration test carried out and thus identifying vulnerabilities. Another option is to raise employee awareness, for example in the form of live hacking. Since humans are usually the greatest weak point in systems, such awareness measures are a prerequisite for a secure system environment for companies.

What incidents?

Recently, there has been an increase in attacks on businesses and merchants. For example, the electronics stores Media Markt and Saturn were affected by an attack. The hackers targeted customer service, and for almost two weeks it was, for example, not possible to collect goods ordered online.

Ransomware is usually used in such attacks, encrypting systems and only releasing them after a sum of money has been paid.

Another alarming example is the attack on the Eberspächer company, which forced the company to shut down all of its systems to avoid major damage. In the end, all IT systems had to remain offline for over a month. During this period, the automotive supplier, with its more than 50 plants worldwide, was therefore unable to generate normal sales. Presumably, this “offline month” was more expensive for the company than the budget they would have spent on IT security.

Reaction of the Schwarz Group

The Schwarz Group is a conglomerate consisting of the supermarkets Lidl and Kaufland. Now this company has decided to be better protected against cyber attacks in the future. Therefore, no less than 700 million US dollars have been set aside as a budget for more IT security. The special thing about this is that the Schwarz Group has commissioned the Israeli security service XM Cyber to do this. XM Cyber was founded by former Mossad agents Tamir Pardo, Noam Erez and Boas Gorodisski and mainly simulates attacks on the company to be protected in order to uncover vulnerable points. Mossad is an Israeli foreign intelligence service, comparable in structure to the CIA or the German Bundesnachrichtendienst.

These examples show that a sufficient budget for a company's IT security pays off: possible attacks can be prevented or weakened, so that the company does not come to a standstill.

Chris Wojzechowski

My name is Chris Wojzechowski, and a few years ago I completed my Master's degree in Internet Security in Gelsenkirchen. I am the managing partner of AWARE7 GmbH, a trained IT risk manager and IT-Grundschutz practitioner (TÜV), and I hold the audit procedure competence for § 8a BSIG. Our bread-and-butter business is carrying out penetration tests. Beyond that, we advocate for a broad understanding of IT security in Europe, and for this reason we offer the majority of our products free of charge.