IT security raises productivity
- Innovation
- KOF Bulletin
Swiss companies are increasingly being confronted with IT security problems. There are significant differences between the various corporate sectors in the area of cyber defence and, in some cases, there is a great deal of catching up to do. Effective IT security is a prerequisite for using digital technologies to increase productivity.
The ongoing digitalisation of the economy also entails risks, with IT security becoming increasingly important for companies. In particular, digital networking with partners, suppliers and customers as well as using the Internet of Things to network proprietary systems increases the potential for cyber attacks.
The security aspect was therefore examined as part of a study carried out by KOF in collaboration with the Chair of Production and Operations Management (POM) at ETH Zurich on the subject of digitalisation. This study is based on data from the KOF Innovation Surveys from 2002 to 2016 and the Digitalisation Survey from 2016. The data from the KOF survey are representative of the Swiss economy and contain information on around 6,500 Swiss companies.
The challenges for companies are no longer limited to securing their IT infrastructure, i.e. their computers and software. They extend to all networked products, processes and services and also extend beyond the firm itself. Basically, it can be said that the more digital and networked companies are, the more important it is to protect their IT infrastructure, because the potential for security problems increases.
40 per cent of companies have security problems
KOF surveys have shown that around 40 per cent of Swiss firms with more than five employees have had to contend with security problems. These incidents have led to loss of earnings, essential data could not be retrieved, or customers were lost. Around 10 per cent of the companies affected suffered a moderate to severe loss of earnings, and roughly 17 per cent of the firms affected required a moderate to huge effort to repair the damage caused.
While the security problems faced by companies increased between the 2015 and 2017 surveys, there was little improvement in security strategies: firms did not implement IT security strategies any more often in 2017 than they had done in 2015. In 2017 the average company was using 61 per cent of the security technologies available. The security measures considered include data protection, a secure IT server infrastructure as well as encryption, authentication and attack detection systems.
Large companies are more frequently affected and better prepared
Although the increase in security problems is evident across all size categories, it is particularly evident in large companies. Small firms, on the other hand, are less frequently affected by security problems than large ones. However, they are also less likely to have a security strategy. Compared with 2015, however, small firms have caught up with the big ones in terms of infrastructure security.
Banks and insurance companies are the leaders in terms of both infrastructure security and security strategies. However, they are also the sectors most affected by security problems. The Modern Service Providers II group – which includes the telecom industry, media firms, IT companies and corporate service providers – invested heavily in security strategies between 2015 and 2017, which seems to have paid off: this group is now the least affected by security problems and the only one in which problems have decreased. Otherwise, security problems have increased across all industries.
The low-tech industry, traditional service companies and, in particular, the construction industry have the greatest pent-up demand in terms of IT security. Although these sectors are affected almost as much by security problems, they have invested relatively little in security technology and strategy. The construction industry is clearly lagging behind.
It takes more than just anti-virus programs and firewalls
The use of security technologies has a significant positive correlation with a company’s productivity. On average, however, total investment in digital technologies shows no significant correlation with productivity. Although this finding is surprising at first glance, it is nevertheless a well-known phenomenon in the economic literature: a company’s structural organisation, for example, can determine whether or not digitalisation makes a positive contribution.
In addition, the economic damage and costs incurred by data loss and, occasionally, IT failures owing to problems with viruses and other malware are considerable. It is therefore obvious that the use of IT security technologies to limit or prevent damage is essential for the productivity effects of digital investment to be realised.
This means that in order for digital investment to be employed productively, it is essential to invest in IT security. However, these IT security efforts must be extensive. The use of basic anti-virus programs or firewalls is not enough to achieve positive productivity effects.
A summary of the study and the full results can be found external page here.
Contacts
KOF FB Innovationsökonomik
Leonhardstrasse 21
8092
Zürich
Switzerland
KOF Konjunkturforschungsstelle
Leonhardstrasse 21
8092
Zürich
Switzerland