By Thomas Völker
Digital processes and products are being introduced at a breathtaking pace. Many VDMA members are already innovation and market leaders. But there is a dark side to this pioneering role, as the joint VDMA and VSMA GmbH study "Cyber risks in mechanical and plant engineering" shows.
The rise of digitalization brings with it new risks. Cyber attacks by malware such as "Wanna Cry" are now a regular occurrence, causing billions of euros of damage. Medium-sized mechanical and plant engineering companies are increasingly being targeted by cyber criminals.
VDMA and VSMA have now compiled the results of a survey of well over 200 companies in the new study. Thomas Völker, Head of the Cyber Insurance department at VSMA, says the study sends a clear message: "Action is needed now." Half of the companies surveyed are still working with antiquated cyber protection and underestimate their risk. Top-level management at many companies remains unaware of the importance of specialized cyber risk management. According to the survey, around 88 percent of companies surveyed are underinsured.
Guidelines for protecting against cyber attacks
So what can be done? The study not only lists the results of the survey: It also contains guidelines for action and checklists to help managers protect their companies more effectively against cyber attacks. In addition, it presents up-to-the-minute information on security, as well as interviews with IT specialists and affected company owners.
Lack of transparency on services
Many of the companies surveyed put the insurance gap down to a lack of transparency in the services available on the market. This is now being remedied by the VDMA Cyber Policy, which has been developed especially for mechanical and plant engineering. Unlike the terms and conditions usually offered on the market, it offers blanket insurance cover for all significant first-party and third-party damage caused by attacks on the company IT system. The coverage also includes violations of data law, operator errors, media infringements and violation of the Payment Card Industry Data Security Standard.