What were the biggest challenges in the past year 2021?
We prepared a detailed security programme with many projects and continuous improvement processes that we are implementing throughout the Group – the limiting factor is especially the personnel resources on the Group level, but also in the companies, who have to help us with the implementation. In addition, there are some maturity differences among the companies that we have to balance as well as the integration of newly acquired companies. As a group with networked systems, we rely on everyone fulfilling the defined security standard, in the spirit of "think globally, act locally".
What priorities did Arbonia have in the area of cybersecurity in the financial year 2021?
Among other things, we have tried to raise the employees' awareness of cyber risks with an ongoing phishing and awareness programme. In addition, we have developed and adopted an information security strategy with different approaches and a resulting multi-year security programme. The goal was to achieve a stable cyber resilience with targeted, smaller measures across all companies. Furthermore, we implemented several large and Group-wide projects, such as, for example, the introduction of SIEM / SOC, a central collection and evaluation of relevant security logs in connection with an external 7x24h monitoring – or also the establishment of new Group-wide guidelines, for example, for connecting third parties to Arbonia systems.
How has the view of cybersecurity changed at Arbonia since you have held this office?
Previously, each subsidiary took care of the topic of cybersecurity mostly by itself. There was no overarching approach. In the past three years, awareness of the need for measures in this area in particular has increased considerably – among employees as well as especially among management. This has caused the commitment and the willingness to become active to increase. In the meantime, almost everyone has realised that cybersecurity is also a business enabler.
Why is the topic of cybersecurity also relevant to sustainability in your opinion?
Digitisation in general is a central issue in the area of sustainability. Smart processes and systems that control and optimise the use of resources in a targeted manner and thereby reduce environmental impacts to the greatest possible extent are decisive. As a result of their networking, however, such systems are also a target for attackers, which is why cybersecurity is so central for maintaining them. The number of cyber attacks has strongly grown in the last years and months and the threat situation has drastically increased. Finally, cybersecurity is the business enabler – when the systems are paralysed, a company cannot do business at all in most cases. Not doing business means not being able to exist sustainably, and it is very important to Arbonia to ensure that employees in particular have a sustainable work security.