Strӧer

Ströer is a leading German media house and offers advertising customers individualized and fully integrated, end-to-end solutions along the entire marketing and sales value chain.

Ströer is focused on the strength of its OOH business with its OOH+ strategy, supported by the Digital & Dialog Media and DaaS & E-Commerce segments.

The rapidly growing organization owns a vast ecosystem of far more than 100 subsidiary companies. Each company is operated independently with their own initiatives, technologies, and processes. Traditionally, keeping track of the security postures of each company was challenging and there was no “single point of truth” to monitor risk exposure. To manage cybersecurity across this disparate business ecosystem, some years ago Ströer established a central cybersecurity department.

“The Ströer Group includes well over 100 companies and more than 15,000 domains,” explained Benjamin Bachmann, Vice President of Group Information Security at Ströer. “That’s a massive amount of potential threat landscape to monitor. We needed a way to measure and report how each of those companies and domains was performing regarding cybersecurity.”

Bitsight allows Strӧer to achieve both of these goals.

“Different stakeholders asked, ‘How can we measure our potential exposure? How can we measure our cybersecurity success?’” said Bachmann. “Bitsight helped answer those questions. It provides me with a way to show our improvements.”

Easily tracking security performance across a massive ecosystem

Strӧer uses Bitsight Security Performance Management (SPM) to obtain security ratings for the company’s different organizations. Like a credit score, Bitsight’s security ratings assign a numerical value to a company’s security performance. The higher the number, the stronger the security program, and the less likely the company is to pose a risk.

With Bitsight SPM, Strӧer can:

• Establish a cybersecurity baseline to benchmark and measure their cybersecurity progress against an objective standard trusted by all parties
• Keep a constant check on each of its subsidiaries’ cybersecurity postures and track when risk profiles have changed
• Quantify risk with greater confidence
• Report Key Risk Indicators (KRIs) to stakeholders for a condensed view
• Track and audit cybersecurity performance over time for both Strӧer and its subsidiaries
• Build a stronger and more resilient cybersecurity posture every day

For Ben Bachmann, monitoring the security ratings of all 100+ of Strӧer’s companies would have been an onerous task. Instead, he uses the flexibility of Bitsight SPM to set up and monitor a small number of “clusters,” each of which includes a subset of similar or partner companies owned by Strӧer. Bitsight SPM monitors the organizations within the clusters and assigns an overall rating to each group. Bachmann then collects the scores, ascertains an overall rating for Strӧer and creates a condensed management report.

Bachmann credits his Bitsight account representative and technical support team for creating a customized solution that makes tracking security performance simple and effective. “Bitsight’s support has been amazing,” he said. “Whenever we made a new request, the support was incredibly fast and helpful. They’ve created a solution that helps me easily make sense of how each of our companies is performing.”

Bitsight security ratings also help Bachmann establish objective metrics, both internally and externally.

Bachmann can accurately measure Strӧer’s progress internally and show positive results to stakeholders. “We have progressively improved on our rating. We have a lofty goal for where we would like to be. It’ll be tough to achieve it. But now we can tell if we’re getting close and understand what we may need to do to get there.”