11.08.2025 • Topstories

Cybersecurity in Focus: Data Protection as the Backbone of Digital Resilience

Data privacy is a leadership responsibility – that much should be clear by now. Data loss can occur anytime and anywhere: in companies, public institutions, or private settings. That’s why regular backups, strong cybersecurity measures, and proactive planning are all the more important. With the rising threat level, taking action is no longer merely advisable – it’s long overdue. Unfortunately, despite growing awareness, there is still a dangerous imbalance between theoretical understanding and practical implementation: according to the current TÜV Cybersecurity 2025 study, 73 percent of companies consider cybersecurity important. Yet their technical measures often do not match the actual risks.

Paul Ingles, Senior Vice President & General Manager, EMEA at Ping Identity

Protecting sensitive data should always be the highest priority. In addition to increasingly sophisticated attack methods, the constant evolution of regulatory requirements poses an ongoing challenge. The planned ban on ransom payments in the UK public sector, for instance, is a step in the right direction in the fight against cybercrime. At the same time, it underscores the importance of taking responsibility. While there are public initiatives like cybersecurity groups and national security authorities, true resilience must be built within organizations themselves. This requires tailored contingency plans that reflect individual risks, systems, and personnel – enabling swift and targeted emergency responses.

Just like the human body, digital resilience consists of a unique set of components. Early detection, prevention, structured response plans, and recovery processes must work together. Only when these components are integrated can true self-healing capacity emerge.

content:

The Strategy Behind the Ransom Payment Ban: A Political Signal with Consequences
Resilience is a Leadership Responsibility, Not a Budget Issue
Backups Alone Aren’t Enough – Resilience Goes Further
Control Access, Protect Identity – In a New and Holistic Way
Protecting Reputation Through Sustainable Cyber Resilience
Strategic Responsibility Is the Prerequisite for Resilience

The Strategy Behind the Ransom Payment Ban: A Political Signal with Consequences

At first glance, banning ransom payments in ransomware attacks seems reasonable: if cybercriminals can no longer extort money, the attacks lose their appeal – or so the theory goes. In reality, it’s rarely that simple.

Especially in the public sector, institutions often lack the financial and human resources to recover independently from an attack. The ban removes the option to pay, without providing better tools to restore systems.

This change in policy should therefore be understood as a wake-up call. It signals that reactive measures are no longer sufficient in a dynamic threat environment. Leaders must stop viewing cybersecurity as a purely technical task and instead embed resilience into their overall strategy.

Regulatory demands are becoming stricter: EU directives like NIS2, the Cyber Resilience Act, and DORA are increasingly pressuring companies not only to plan strategically for cyber resilience but also to implement it concretely. This is not just about refusing to pay ransom – it’s about ensuring operational continuity in the event of a crisis.

Resilience is a Leadership Responsibility, Not a Budget Issue

Electronic flexibility is often associated with high costs or a multitude of technical security tools. However, true flexibility is not measured by budget but by mindset. The best-protected companies are not necessarily those with the latest software, but those that manage risks strategically and prudently.

Studies show that 91 percent of companies overestimate their security level – a classic case of "optimism bias." Companies that haven’t yet been attacked often have a false sense of security. This cognitive distortion leads to necessary investments and actions being postponed.

Ransomware attacks are not only successful because of the attackers’ sophisticated methods. Often, basic organizational mistakes pave the way: weak passwords, outdated systems lacking current security patches, poor access controls, or untested recovery plans. This is why phishing (53 percent according to Bitkom), data leaks, and ransomware (31 percent according to KPMG) are among the most common types of attacks – more due to organizational shortcomings than technical genius.

That’s why leaders must ask the right questions about critical aspects of their business – before something happens. For example: “What would happen if our systems failed tomorrow?” or “How quickly could we recover them?” If the answers to these questions are unclear, action must be taken immediately. Backups should not only exist but also be regularly tested and secured. Only then can access rights be clearly defined and systems quickly restored in an emergency – to protect the entire company.