The Fusion of IT management and IT compliance

Not just conceivable, but necessary?

Anna Fleer
28.03.2025

Imagine if FC Bayern Munich merged with Borussia Dortmund in the German Bundesliga—unthinkable, isn’t it? We’d like to use this soccer rivalry as a metaphor for the world of IT security and IT compliance, because—at least in the digital world—collaboration between these seemingly opposing worlds is not only conceivable but necessary.

Two worlds, one goal

Traditionally, IT managers and IT compliance managers operate in separate spheres. While IT managers develop, implement, and maintain technologies, IT compliance managers ensure that companies adhere to legal and regulatory requirements in IT. Yet, strictly speaking, both roles pursue the same goal: minimizing risks and protecting the company. Shouldn’t they therefore work together to build a stronger defence?

The Growing Threat Landscape

Cybercrime is a global business with rapidly rising costs, projected to exceed $10 trillion worldwide by 2025. Particularly sensitive sectors, such as healthcare, have become more vulnerable as a result of digitalization. Regulatory measures, such as the NIS 2 Directive and the DORA Regulation, set new standards that companies must comply with. This is where the need for close collaboration between IT and compliance comes into play.

An alliance between IT management and IT compliance

Why collaboration makes sense

Collaboration between the two roles enables a holistic security strategy:

  • Early detection of risks: Joint analyses enable the early identification of threats.
  • Optimized security measures: Technical (protective) measures are directly reviewed for compliance.
  • Faster response times: Incident response teams can act immediately in an emergency.
  • Awareness-raising: Joint training sessions strengthen awareness of security and compliance issues.

Collaboration between IT and compliance

How this collaboration is organized varies with the size of the company:

Small businesses

These often lack specialized staff. External service providers can help meet compliance requirements. Alternatively, small businesses deliberately select IT service providers with close ties to IT compliance, so that both areas are directly linked.


Medium-sized companies

Specialized IT departments work more closely with compliance officers and conduct regular audits.


Large companies

These rely on advanced technologies, automated compliance management tools, and globally coordinated strategies.


Liability and Responsibility

CEOs bear a great deal of responsibility. In the event of IT breaches, they can be held personally liable if adequate security measures were not in place. Dedicated Directors and Officers Liability Insurance (D&O insurance) can offer protection, but only if there is no gross negligence.

The Shared Path to the Future

The future belongs to synergy. While IT management and IT compliance have historically often gone their separate ways, the modern threat landscape shows that close collaboration is essential. Companies that consistently pursue this path are not only better protected against cyberattacks but can also meet regulatory requirements more efficiently and minimize liability risks.

As Confucius once said: “The journey is the destination.” In this case, the shared path is the key to a secure digital future. Would two rival soccer clubs ever collaborate or even merge? Well, that seems rather unlikely. But in the IT world, it is precisely this collaboration that is the decisive factor for success.

The question, therefore, is no longer whether IT management and IT compliance should work together, but how quickly companies can implement this merger. Because in a world where digital security and regulatory compliance are increasingly intertwined, only one thing matters: a shared strategy for a resilient and compliant IT infrastructure.