IT security raises productivity

The ongoing digitalisation of the economy also entails risks, with IT security becoming increasingly important for companies. In particular, digital networking with partners, suppliers and customers as well as using the Internet of Things to network proprietary systems increases the potential for cyber attacks.

The security aspect was therefore examined as part of a study carried out by KOF in collaboration with the Chair of Production and Operations Management (POM) at ETH Zurich on the subject of digitalisation. This study is based on data from the KOF Innovation Surveys from 2002 to 2016 and the Digitalisation Survey from 2016. The data from the KOF survey are representative of the Swiss economy and contain information on around 6,500 Swiss companies.

The challenges for companies are no longer limited to securing their IT infrastructure, i.e. their computers and software. They extend to all networked products, processes and services and also extend beyond the firm itself. Basically, it can be said that the more digital and networked companies are, the more important it is to protect their IT infrastructure, because the potential for security problems increases.

40 per cent of companies have security problems

KOF surveys have shown that around 40 per cent of Swiss firms with more than five employees have had to contend with security problems. These incidents have led to loss of earnings, essential data could not be retrieved, or customers were lost. Around 10 per cent of the companies affected suffered a moderate to severe loss of earnings, and roughly 17 per cent of the firms affected required a moderate to huge effort to repair the damage caused.

While the security problems faced by companies increased between the 2015 and 2017 surveys, there was little improvement in security strategies: firms did not implement IT security strategies any more often in 2017 than they had done in 2015. In 2017 the average company was using 61 per cent of the security technologies available. The security measures considered include data protection, a secure IT server infrastructure as well as encryption, authentication and attack detection systems.

Large companies are more frequently affected and better prepared

Although the increase in security problems is evident across all size categories, it is particularly evident in large companies. Small firms, on the other hand, are less frequently affected by security problems than large ones. However, they are also less likely to have a security strategy. Compared with 2015, however, small firms have caught up with the big ones in terms of infrastructure security.

Banks and insurance companies are the leaders in terms of both infrastructure security and security strategies. However, they are also the sectors most affected by security problems. The Modern Service Providers II group – which includes the telecom industry, media firms, IT companies and corporate service providers – invested heavily in security strategies between 2015 and 2017, which seems to have paid off: this group is now the least affected by security problems and the only one in which problems have decreased. Otherwise, security problems have increased across all industries.

The low-tech industry, traditional service companies and, in particular, the construction industry have the greatest pent-up demand in terms of IT security. Although these sectors are affected almost as much by security problems, they have invested relatively little in security technology and strategy. The construction industry is clearly lagging behind.