Markus Braendle is Group Head of Cyber Security for ABB. Reliable and secure digital interfaces between industrial components and installations have been an important part of ABB's business for many years. The goal of Braendle’s team is to ensure that ABB offerings support customers' cyber security needs. He makes a strong argument that we shouldn't promote security for the sake of avoiding painful incidents, but rather focus on the business value that secure products and services can offer.
First of all, at ABB we don't talk about the Internet of Things. We talk about the Internet of Things, services and people. Because that's what it's basically about. Connecting stuff to the internet is a means to an end, what really matters is what you do with it. Moreover we also think that the fourth industrial revolution is an evolution rather than a revolution. The interconnectedness has been increasing for many years now. Having said that, there's of course no doubt that it is essential to warrant security in this domain. I am convinced that to achieve a secure environment in this new and very complex environment, we must not put too much focus on the technological perspective of security. There is a wealth of technological solutions around and a large part of this has in fact become a commodity. I believe that the real challenge is making sure that cybersecurity becomes a seamless part of the risk management approach, and earns its place in the hearts and minds of the leadership of companies.
Generally speaking, many organizations and its management are still largely basing their cyber security investments on fear for incidents. This often results in ad hoc budgeting for cybersecurity and more importantly it is not a very effective approach. The challenge is to talk about the business value of cybersecurity instead of responding to incidents and new threats. Business leaders should be aware that a very interesting new dynamics full of opportunities is emerging and should ask themselves how they can make the most out of it in a controlled manner. How can they increase customer value and customer satisfaction by offering cyber secure products and services? For instance by maximizing uptime, or by improving the efficiency of maintenance programs. However, when it comes to cybersecurity, we traditionally tend to talk in technical lingo. We must translate that into business lingo.
The cybersecurity strategy in some companies is largely driven by compliance, while others are more driven by the value that's at stake. It's a heterogeneous landscape, but overall I really do see some good progress in the dialogues that we're having with the market. It's important that we work together with third parties such as KPMG to jointly communicate this message. More generally speaking, I think that collaboration is key to effectively deal with this issue. Melani is doing a good job to bring industries together, but I think we should do more to engage dialogue with the security providers and the consulting companies. It's all about trust of course, and also about understanding each other's world.
I'll give you an example. When we work on a project for a customer, their investment often covers a timeframe of 20 years. This is quite a contrast with the habitat of IT providers who often have a time horizon of just a couple of years. So if we’re using IT in these projects, we must have a dialogue upfront on how we make sure to have fully supported IT components during the whole lifetime. This is one important prerequisite for enabling ‘security by design’. In this interconnected world, seamless cooperation with third parties is increasingly important. This goes beyond clear agreements in contracts. Partners need trust in the relationship. That’s why we engage in dialogue with them; in a continuously dialogue to make sure that we share the same goals, develop a good relationship and are ready to act swiftly when needed.
© 2019 KPMG Holding AG is a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.