A priority for the board of directors
Imagine a scenario where a cyberattack or a natural disaster, such as the flooding of the Ahr Valley, brings your entire IT infrastructure to a halt. Production comes to a standstill, supply chains are disrupted, and the financial losses are enormous – not to mention the significant damage to your company’s reputation resulting from missed deliveries or severely delayed processes across the value chain. These worst-case scenarios are no longer rare events and require proactive planning. According to a study by Detecon, companies that lack proper resilience measures can suffer multimillion-euro losses in the event of an IT outage. The average cost of a cyberattack amounts to approximately €3.86 million per year, with the impacts on reputation and customer trust often being even more severe. (Source: IBM study, Cost of a Data Breach 2025)
In today’s digital business world, IT resilience is no longer solely the domain of the IT department – it has become a strategic priority at the executive level. The growing complexity of IT infrastructures and the increasing threat posed by cyberattacks have brought the personal liability of CEOs and board members in cases of cyber failures into sharper focus. Companies face the challenge of strengthening their endurance, as they are often barely or only belatedly able to maintain normal operations during critical IT outages. Extended crises frequently suffer from a lack of necessary resources.
“Some of our clients now operate IT landscapes with more than a hundred critical applications and enterprise services that need to be safeguarded against a ‘worst-case’ scenario. Capturing this complexity initially, documenting it sustainably, and protecting it actively in the future is no simple task,” explains Daniel Lengies, IT and Resilience Expert at Detecon.
Supply chains within the value creation process represent independent sources of risk, characterized by hidden vulnerabilities and unknown dependencies. These dependencies are often inadequately secured and based merely on commercial or legal agreements. The complexity of corporate structures and enterprise architectures further restricts the ability to act during crises. In many cases, companies do not return to their pre-crisis state; rather, aspects of crisis management become the new normal. Decisions are often made under pressure, with insufficient information or constrained options, leaving many employees overwhelmed. This includes compliance requirements that are increasingly observed even in crisis situations, such as payment transactions and PCI-DSS compliance, which must be met by certain applications. However, not every platform is designed or certified for these standards. Strict manufacturer specifications, guaranteeing support in case of errors, have largely replaced the once-common crisis-driven “just get IT up and running” mentality. Additionally, documents mandated by compliance processes are often prepared merely as a formality and rarely offer genuine assistance during disaster recovery.
Given these challenges, companies must take proactive measures to protect their business processes, ensure business continuity through effective management, and secure their competitive advantage – now more than ever.
Resilience is context-sensitive
IT resilience refers to an organization’s ability to design its IT systems and corresponding processes in a way that makes them robust against situational disturbances and (criminal) threats. The ultimate goal of establishing resilient IT structures is to ensure the continuity of business operations, protect the company’s reputation, and guarantee the security of the data and software used.
Cyber resilience, on the other hand, concerns an organization’s capacity to design its IT systems and manage their use so that they can withstand situational disturbances and (criminal) threats, with a particular focus on the risk vector of digital crime – both online and offline. This includes, among others, (spear-)phishing, viruses and malware, the exploitation of vulnerabilities for criminal purposes, as well as social engineering and CxO fraud that does not necessarily occur electronically. Here too, the primary objectives remain maintaining business continuity and preserving a strong brand image.
Both aspects of resilience require a robust Business Continuity Management (BCM) approach. This holistic strategy is designed to ensure that a company and its business processes continue to operate during a crisis. The aim is to minimize the risks associated with operational interruptions and the resulting damage, thereby averting potentially existential scenarios. In the context of BCM, potential risks are identified and their impacts on business processes are analyzed. As a result, IT and cyber resilience are not issues isolated to the IT department – they affect the entire organization.
The business impact of data centers, cloud services, and the supply chain
The reliance on data centers and cloud services continues to grow. In Germany, data center capacities have increased by an average of 10% per year over recent years. It is projected that by 2030, data center capacities in Germany will have risen by 70%, while AI-specific data centers could quadruple within the same period. (Source: Bitkom PR Article, November 10, 2025) This development underscores the importance of designing robust and resilient IT infrastructures – any failure can disrupt the entire supply chain and cause significant economic damage. A survey by Detecon revealed that 60% of the companies interviewed experienced at least one significant IT outage in the past two years that severely impacted their business processes.
Determining the criticality of the value chain is key to ensuring adequate protection. Detecon offers a comprehensive resilience framework that helps companies secure their IT infrastructures and protect their business processes. This framework incorporates both technical and organizational measures to enhance resilience and ensure compliance. One component of the framework is the implementation of Business Impact Assessments, enabling companies to identify potential risks and take appropriate action. Alongside assessing applications and customer network interactions, factors such as site-specific criteria, individual platform specifics, and data backup and system recovery methodologies are rigorously examined.
Another crucial aspect is defining outage scenarios and establishing communication protocols to enable rapid and effective responses in the event of an IT failure. Detecon’s findings indicate that companies implementing such a resilience framework can reduce the impact of an IT outage by up to 50%.
“Resilience has many facets. We address all of them and prioritize measures for swift, targeted implementation,” says Daniel Lengies, Resilience Expert at T-Detecon.
Key figures and facts
- Data center capacities: In recent years, data center capacities in Germany have increased by an average of 10% per year.
- Cost of a cyberattack: The average cost of a cyberattack is approximately €3.86 million.
- Frequency of IT outages: 60% of companies surveyed reported experiencing at least one significant IT outage in the past two years.
- Reduction of impact: Companies that implement a resilience framework can reduce the impact of an IT outage by up to 50%.
Conclusion
IT resilience is a crucial factor for the long-term success of any company. CEOs and board members must prioritize this issue strategically and take the necessary measures to protect their organizations. Implementing a comprehensive resilience framework can help companies strengthen their IT infrastructures, secure their business processes, and maintain their competitive edge. By acting proactively and preparing for potential risks, companies can ensure ongoing success even in times of crisis.
“Through simulations, exercises, and regularly repeated practical drills, companies can continually enhance both their personnel and architectural resilience – ensuring the shortest and least damaging path to recovery in a crisis, much like a fire drill. Workshops with simulations can also be an effective way to develop an understanding of potential outage scenarios. As Jeffrey Gitomer aptly put it, resilience is about how we respond to unforeseen circumstances and how quickly we recover,” concludes Daniel Lengies.
For any questions on these exciting topics, please contact our experts.
Daniel Lengies
Manager
Dr. Christian Krämer
Senior Manager














