Resilience under pressure: An interview with our CEO, Alexander Benoit

According to Cisco’s 2025 Cybersecurity Readiness Index, only 4% of organizations worldwide have achieved the “mature” level of readiness required to effectively withstand today’s cybersecurity threats. Conversely, this means that 96% of companies are unprepared for current IT security challenges.

Is this due to a lack of awareness, an underestimation of risk, or something else? We can’t say for sure. However, it certainly doesn’t hurt to draw attention to the importance of a comprehensive IT security strategy whenever possible.

That’s why we’re delighted that the German business newspaper Handelsblatt has published a special issue on cybersecurity – including an interview with our CEO, Alexander Benoit, which focuses precisely on the topics of IT security and resilience.

Talking IT emergencies, resilience, and prevention

In said interview, Alexander Benoit answers the most pressing questions every organization should be asking right now: How is digital sovereignty measured? What role does cyberattack defense play in IT resilience? And how can business continuity be ensured in the event of a large-scale infrastructure failure?

Of course, two of our key services fit right into this discussion: our Managed SOC, which monitors systems 24/7 and quickly and automatically detects and remediates attacks, and our new Managed Emergency Environment, ARC, which helps rapidly restore business-critical services after an incident.

Enough teasing: here’s the full interview for you to read – translated into English, as the conversation was originally conducted in German:

Resilience becomes a top priority

Geopolitical tensions and cyberattacks are putting pressure on midmarket companies, especially those that operate critical infrastructure. Defense alone isn’t enough. The key is to focus on sovereignty and IT resilience to ensure that operations remain viable in an emergency.

Crises triggered by cyberattacks, natural disasters, and political tensions can disrupt supply chains, production, and administration. This is why companies need robust processes, clear roles, and trained teams to ensure digital sovereignty and the ability to act in crisis conditions. Beyond detection and defense, the importance of a "Plan B" increases. However, implementing an emergency plan can be challenging. Plans fail because they’re outdated, sidelined in day-to-day business, or depend on technical crisis tools that users are unfamiliar with. IT resilience in a crisis requires familiarity and practice. Only plans that have been rehearsed in advance can keep the lights on and preserve digital sovereignty.

Alexander Benoit, the CEO of water IT Security & Defense, explains how to make resilience work. water operates a Germany-based managed Security Operations Center (SOC) with 24/7 monitoring, incident handling, risk and vulnerability management, and a managed emergency environment as a fallback.

Handelsblatt:
Beyond political debate, how do you measure digital sovereignty in day-to-day business?

Alexander Benoit:
We define digital sovereignty as the ability to control our critical business processes autonomously at all times. Three factors are decisive: ownership of cryptographic keys, transparent supply chains and system architectures, and the ability to independently restore systems.

Handelsblatt:
In an incident, what role does your managed emergency environment play as a fallback to keep operations organized?

Alexander Benoit:
We call this our “one-click fallback mode.” This independent shadow environment supports the goals of sovereignty and IT resilience. By providing redundant core services, such as communication and infrastructure, we ensure that, when primary systems fail, organizations can continue to operate via clearly defined minimal processes. Additionally, predefined recovery workflows are executed to restore business-critical functions. The managed emergency environment also serves as a crisis management tool by easing the burden on the crisis team because essential IT services are preconfigured for emergencies. This creates a secure foundation for subsequent recovery.

Handelsblatt:
What role does cyber defense play in IT resilience?

Alexander Benoit:
A SOC that monitors environments 24/7 has become crucial, even for SMEs, because AI is accelerating cyberattacks. Our managed SOC detects attacks within minutes and executes response steps supported by AI and automation. This typically reduces the time needed for containment to under an hour.

Handelsblatt:
How do you prioritize vulnerabilities based on business impact and exploitability?

Alexander Benoit:
The challenge of proactive reduction is the sheer number of vulnerabilities. We address this challenge by combining the criticality score of a vulnerability with contextual factors such as the criticality of affected systems, available remediation options, current exploit activity, and regulatory relevance. Business impact is weighed alongside technical severity in the scoring and prioritization process.

Handelsblatt:
What is your first-hour playbook for a security incident?

Alexander Benoit:
1. Activate the crisis team and provide them with the necessary workspace and materials
2. Rapid detection and alerting
3. Isolate affected systems
4. Communicate with key personnel and, if necessary, authorities
5. Restart business-critical applications
6. Preserve forensic data

Handelsblatt:
How do you maintain business continuity when a significant portion of the infrastructure fails across critical core processes?

Alexander Benoit:
We work with tiered recovery plans: prioritized applications are restored via separate data centers, cloud failover, and our managed emergency environment. This ensures that critical processes, from payments to customer service, continue to run.

Handelsblatt:
How do you integrate prevention, response, and strategic independence into a controllable security model?

Alexander Benoit:
Our model is based on three pillars: prevention through hardening and awareness, detection and response, and strategic independence through emergency and supply chain management. We prioritize involving specialist departments in prevention, defense, and emergency management through area-specific use cases and quarterly emergency tests.

Handelsblatt:
What first step should CEOs take within 90 days to measurably increase resilience?

Alexander Benoit:
If conducting a full Business Impact Analysis (BIA) isn’t feasible, we recommend taking a "follow-the-money" approach: identify and secure the processes with the greatest impact on value creation.