In the age of digitalization, manufacturing companies are under increased pressure to change due to product
complexity, growing customer requirements and digital business models. The increasing digitization of
processes and products is opening up numerous opportunities for mechanical engineering companies to
exploit the resulting potential for value creation. Subscription business is a new form of business model in
the mechanical engineering industry, which aims to continuously increase customer benefit to align the
interests of both companies and customers. Characterized by a permanent data exchange, databased learning
about customer behavior, and the transfer into continuous innovations to increase customer value,
subscription business helps to make Industry 4.0 profitable. The fact that machines and plants are connected
to the internet and exchange large amounts of data results in critical information security risks. In addition,
the loss of knowledge and control, data misuse and espionage, as well as the manipulation of transaction or
production data in the context of subscription transactions are particularly high risks. Complementary to
direct and obvious consequences such as loss of production, the attacks are increasingly shifting to nontransparent and creeping impairments of production or product quality, which are only apparent at a late
stage, or the influencing of payment flows. A transparent presentation of possible risks and their scope, as
well as their interrelationships, does not exist. This paper shows a research approach in which the structure
of subscription models and their different manifestations based on their risks and vulnerabilities are
characterized. This allows suitable cyber security measures to be taken at an early stage. From this basis,
companies can secure existing or planned subscription business models and thus strengthen the trust of
business partners and customers.
|