How long does it take companies to get a higher assessment?
The overall assessment is calculated on the basis of the (1) risk at the perimeter, (2) risk on systems and (3) risk in protocols. The time required to achieve a higher assessment depends largely on the individual internal company processes:
- Can software be directly updated or is a lead time required?
- Can the measures be implemented quickly (e. g. a central firewall rule for the entire business network) or do the individual processes of the measures provide a larger timeframe (e. g. large companies with several thousand clients)?
According to our experience, in most cases problems are technically easy to solve, but in reality they often take several months due to organizational conditions.