CRA: TÜV Association calls for more ambitious regulation
Every day, criminal hackers attack the networks of companies, authorities and other organisations - far too often with success. Cyberattacks are a real, omnipresent threat. This is why cybersecurity is becoming more and more important: it offers protection against online attacks.
Management and IT security officers are those responsible for ensuring this kind of protection in organisations. To do so, they need clear legal requirements - which is what politics is called to establish. The TÜV Association and its members therefore use their expertise to contribute to the discussions in the relevant forums in order to create the necessary standards with sufficiently high security requirements.
Businesses demand stricter rules
The need for action is growing - for companies as well as in politics. 47 percent of German companies are calling for higher legal IT security requirements. This is a result of a representative Ipsos-survey commissioned by the TÜV Association. 59 percent of the respondents consider legal action as important since it contributes to a better IT security for their company.
According to the "TÜV Cybersecurity Study", three out of four companies state that the importance of IT security has increased in the past five years. 78 percent of the respondents said that this is due to the progressing digitalisation, while 29 percent attributed this to a cyberattack in their own company.
Standards do help
According to the survey, standards such as ISO 27001 play an important role for the IT security of businesses. They provide rules and processes on how organisations can ensure security in practice. Independent bodies can confirm that companies comply with a certain standard through a certificate. By doing so, companies can document – for instance vis-à-vis their clients or suppliers - that their IT systems are as secure as possible. Two out of three companies are already oriented towards standards or even comply with them fully according to the TÜV Cybersecurity Study.
In addition, the TÜV Association considers legal requirements as a decisive factor in improving the protection of businesses and private users against cyberattacks. Therefore, the TÜV Association has issued two main recommendations for further action:
TÜV covers cybersecurity spectrum
With our wide range of services in the field of cybersecurity, we actively contribute to increasing the cybersecurity of public administration, companies, research and consumers. Read here which services are covered by the TÜV organisations. The cybersecurity services and products (extract) provided by the TÜV companies include both mandatory cybersecurity certifications based on legal requirements and voluntary certifications.