Here we share our expertise, learnings and news

3 misconceptions
about industrial security

Steffen Zimmermann's expertise on security in your company

Ransomware, cyberattacks and security standards are unpleasant topics that are often put on the back burner for more important tasks. But if you don’t take an in-depth look at industrial security, you put your company at risk. To help you get started, we spoke with expert Steffen Zimmermann in a podcast and summarized everything you need to know here.


Who is Steffen Zimmermann?

Steffen Zimmermann Industrial Security
Steffen Zimmermann

When are companies safe? 3 misconceptions:

Why is industrial security so important and why are companies still not paying enough attention to it? This is mainly due to the widespread but unfortunately wrong image of industrial security:

Misconception 1: "Industrial security is a topic for people in the IT department."

According to Steffen Zimmermann, anyone who does not view cyber security as a management issue is acting with gross negligence. Not only because attacks are becoming more frequent, but also because more and more customers expect fully answered security questionnaires. If the IT security law of the EU or the regulation in Germany is disregarded, the management and not the IT employees are liable. It is therefore no longer sufficient for only IT specialists to deal with the company’s security.

Misconception 2: "All you need for industrial security is the right hardware and software."

You can't buy security.

That’s how Steffen Zimmermann puts it, because technology alone can never be the only solution. For the interaction between people and technology to work, management must invest in more than just technology:

Misconception 3: "The company is safe."

The only sure thing about industrial security is that no matter what is done and bought, it never fully protects against attacks. Industrial security is an ongoing process that can never be completed because technologies and attack methods evolve. Those who feel absolutely safe and do not revise their measures risk greater damage than those who expect an attack and continuously adapt to technological changes.

What measures are necessary for industrial security?

To ensure that you are in a position to take the right measures and entrust employees with the task of looking after the company’s safety on an ongoing basis, four steps are important:

Step 1: Define what you need to protect.

To do this, it is best to start at the top with trade secrets and business processes. The data to be protected can be divided into three areas:

  • IT security: everything that concerns the office
  • OT security: your own production environment
  • Product security: digitally networked products

Step 2: Familiarize yourself with the topic.

You will find many tools, standards and checklists for cyber security online, many of which are even freely available. Take advantage of what’s on offer and work your way through in small steps – then you’re sure to be on the right track!

Step 3: Don't forget: Everyone had to once start.

Some of your colleagues may already be further along in the process, while others, like you, are still at the very beginning. A good opportunity to share experiences and learn from each other is the blended learning training with Dr. Pierre Kobes, the founding father of the IEC 62443 standard.

Step 4: The last and most important step: Don't stop and keep adapting to new developments and standards!

3 Tips from Steffen Zimmermann

If you want to achieve the greatest possible industrial security, you should always be able to answer "yes" to 3 questions:

Where can I find help on Industrial Security?

Find our more about out Industrial Security Training.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Don't miss a thing

Subscribe to our newsletter and get the latest news on events, programs and more!

We're committed to your privacy. University4Industry uses the information you provide to us to contact you about our relevant content, projects, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.


Free Checklist

Almost every day, well-known companies find themselves in the headlines because they have been the victim of a cyberattack. For a long time now, security training and the development of measures have no longer been about the question of whether one will be affected, but when and to what extent. However, this does not mean that manufacturing companies should just sit and wait until the time comes. In this paper, we have listed what companies can do in advance to delay attacks and be as resilient as possible to attacks.

Sign up now to learn what you can do ALREADY to prepare best for a possible ransomware attack.

After you filled out the form, you will receive an email from us with the free white paper. Please check your spam folder in case your message got stuck there. Please

Schedule an appointment now

Would you like to learn more about our approach?

Have a conversation with one of our experts
about how we as your partner could support you.

By entering your email address, you will accept our privacy policy and receive a confirmation email. Through this email, you have the chance to subscribe to our regular updates. Without your permission, you will not receive our newsletter.

Jetzt Termin vereinbaren

Sie möchten mehr über unseren Ansatz erfahren?

Sprechen Sie mit einen unserer Expert*innen,
wie wir Sie als Partner am besten unterstützen dürfen.

Wenn Sie Ihre E-Mail-Adresse eingeben, akzeptieren Sie unsere Datenschutzbestimmungen und erhalten eine Bestätigungs-E-Mail. Mit dieser E-Mail haben Sie die Möglichkeit, unsere regelmäßigen Updates zu abonnieren. Ohne Ihre Zustimmung werden Sie unseren Newsletter nicht erhalten.