
Planning for the 2025 pentest budget is coming up, and as an IT decision maker, you face questions like: "Do we really need another pentest? How do we justify the costs?" You know that regular penetration tests are needed to identify security vulnerabilities, but management demands clear numbers and an understanding of the financial benefits of these measures.
In this article, you will learn how to communicate the financial and strategic value of pentests and related measures so that you can plan your budget in a targeted way and set the right priorities.
IT managers often hear statements like: “Why should we spend so much money on IT security? We haven’t had a major incident and everything is working fine.” Instead of getting into technical details or moral responsibilities, emphasize the financial and strategic benefits of security measures.
Preventive measures often only show their value once damage has been prevented. Nevertheless, you can estimate the likelihood of an attack on your company based on the general threat situation in Germany and your industry. According to Claudia Plattner, President of the Federal Office for Information Security (BSI), it is no longer a question of whether a company will be hacked, but when.
The BSI's 2023 IT security report provides relevant facts:
Is your management asking for concrete figures? The HDI Cyber Study 2023 shows the average damage caused by cyber attacks on SMEs and large companies - valuable figures to support your argument.
You can also consult current hacking incidents in your industry. An overview is provided by ProSec's #CyberSecurityBriefing, which filters incidents from German-speaking countries by industry.
IT security measures such as penetration tests not only provide protection against attacks, but can also lead to significant improvements in the overall company structure. These optimizations should be part of your 2025 pentest budget. Here are some examples:
IT security affects the entire company, not just the IT department. In the event of a security incident, all departments would be affected:
Our tip: Talk actively with other department heads and work together to identify the specific impact of a cyber attack and suitable protective measures. A cross-departmental approach creates allies and provides arguments for management. Legal requirements such as the NIS2 Directive also strengthen your position by clearly transferring responsibility for IT security to management.
A well-thought-out security strategy not only supports IT, but also advances the entire company. Use the 2025 budget planning to establish the value of IT security measures throughout the company - as an investment that pays off in the long term.