Podcast: IT security & change culture – how to create sustainable security awareness

Cyber attacks caused damage amounting to €178.6 billion in Germany alone in 2024 – a figure that gives pause for thought. In the latest episode of our podcast Innovation Implemented, Maximiliane Mayer (Head of Information Security Consulting, mgm security partners) and Julia Kirchner (Principal Consultant, mgm consulting partners) discuss how IT security can be embedded in companies not only technically but also culturally.

Security as an enabler of digitalisation

IT security is often perceived as an obstacle – but when properly understood, it is key to digital transformation. Security by design, i.e. the early integration of security requirements into projects, reduces risks, saves costs and improves the user experience. This requires a cultural rethink.

Guests: Maximiliane Mayer (Head of Information Security Consulting, mgm security partners) and Julia Kirchner (Principal Consultant, mgm consulting partners)
Moderator: Karsten Kneese, Marketing Manager, mgm
Length: 32 minutes

The most important points at a glance

Change begins with people

Technology alone is not enough – successful security strategies require a lived security culture. This is exactly where change management comes in: storytelling, gamification and target group-specific measures can be used to shape and embed change in a positive way.

Managers as role models and multipliers

A sustainable security culture starts at the top. Managers significantly influence security awareness in the company through their behaviour – not through instructions, but by setting an example. Openness in dealing with mistakes, active participation in awareness measures and regular communication on security topics signal that security is a top priority. As multipliers, they can communicate security goals to their teams, build trust and thus make a decisive contribution to anchoring security behaviour in everyday life.

Making success measurable

Whether security awareness is taking hold in everyday life is not only reflected in KPIs such as the results of phishing simulations or awareness surveys, but also in cultural factors such as management behaviour or how mistakes are dealt with.

Strong together: security & change

The combination of technical expertise and a human perspective is crucial. Interdisciplinary teams, early stakeholder involvement and transparent communication promote acceptance and sustainability – also with regard to legal requirements such as NIS2 or DORA.