Wirtschaftsforum: Mr. Dr. Höbel, the topic of Cyber Security is firmly embedded in Rottendorf's corporate strategy. How did this come about? 

Dr. Olaf Höbel: Before I joined Rottendorf about four years ago, I was involved in the automotive industry where the issue of IT security has been entrenched for a long time. Together with an external partner, we have examined IT security at Rottendorf and assessed the level of security standards here. 

Wirtschaftsforum: With what results? 

Dr. Olaf Höbel: Our observation was that one aspect, Data Integrity, was already well implemented, though primarily with a focus on compliance with GxP regulations. So, three years ago we started with assessments, analyzed where there were gaps, derived risks, and created a roadmap. When the first customer approached us with the issue, we were well-prepared; not only in terms of technology and tools but also in terms of people, processes, and awareness. The issue of Cyber Security is about taking the entire organization along and looking at the issue holistically. Against the background of increased use of IoT, Machine Learning, and Big Data, suppliers have also picked up on the topic. The area has a lot of potential; it's about questions like how information can be used to improve both qualitatively and in terms of IT Security.

Wirtschaftsforum: How do you currently assess the risk of cybercrime?

Dr. Olaf Höbel: There is a very high risk, even though it cannot be specified. The general risk increases for example through brute force attacks, which do not target specific industries. Companies often become victims of hacker attacks by chance. At present, there is no indication of a targeted attack on the pharmaceutical industry or Rottendorf, but this could change at any time.

Wirtschaftsforum: How do you protect sensitive data in this context?

Dr. Olaf Höbel: We have created a data governance with an external partner that includes both the technical and the organizational aspects, and we adhere to international standards such as ISO 27001. This covers all areas from technical implementation, including firewalls, to awareness training. We work with experts to implement our roadmap, for example, we have a partner for incident management. Once a quarter, we conduct simulations to check for security vulnerabilities in the company. We rely on leading technology manufacturers who are always one step ahead and develop strategies according to the Zero Trust approach. The goal is always to be one step ahead of hackers or to build so many hurdles that they give up.

Wirtschaftsforum: What constitutes a successful security strategy for you?

Dr. Olaf Höbel: The overarching goal is to never become the victim of an attack. When you specifically look into a company, it’s crucial that each employee can pursue their work without fearing that they might do something wrong and open the door wide for hackers. An independent and conscient awareness in handling information media and infrastructures is very important.

Wirtschaftsforum: What role does the topic of AI play in relation to Cyber Security?

Dr. Olaf Höbel: We incorporate the topic into our strategy. In a joint project with an external partner and Bielefeld University, company guidelines have been defined that describe and regulate the use of AI-powered tools. In some departments, we have deliberately chosen to use AI tools to see how to handle them, to learn how to work effectively with them and what dangers are involved.

Wirtschaftsforum: How do you assess the future challenges around IT security?

Dr. Olaf Höbel: It is a constant race against time, similar to the one between the hare and the hedgehog. It's about always being ahead, keeping awareness in the company constantly high, and never slacking off; like a muscle that needs to be constantly trained. This race also takes place in the technological field, where one must always be up-to-date. Our advantage is our network of partners with relevant expertise. There is no 100% security, but we stay on the ball, keep our senses sharp, do everything to protect every employee, our customers, and the patients. This is my personal concern and that of the company. Everything we do is for the well-being of the patients.