In the age of digitalization, manufacturing companies are under increased pressure to change due to productcomplexity, growing customer requirements and digital business models. The increasing digitization ofprocesses and products is opening up numerous opportunities for mechanical engineering companies toexploit the resulting potential for value creation. Subscription business is a new form of business model inthe mechanical engineering industry, which aims to continuously increase customer benefit to align theinterests of both companies and customers. Characterized by a permanent data exchange, databased learningabout customer behavior, and the transfer into continuous innovations to increase customer value,subscription business helps to make Industry 4.0 profitable. The fact that machines and plants are connectedto the internet and exchange large amounts of data results in critical information security risks. In addition,the loss of knowledge and control, data misuse and espionage, as well as the manipulation of transaction orproduction data in the context of subscription transactions are particularly high risks. Complementary todirect and obvious consequences such as loss of production, the attacks are increasingly shifting to nontransparent and creeping impairments of production or product quality, which are only apparent at a latestage, or the influencing of payment flows. A transparent presentation of possible risks and their scope, aswell as their interrelationships, does not exist. This paper shows a research approach in which the structureof subscription models and their different manifestations based on their risks and vulnerabilities arecharacterized. This allows suitable cyber security measures to be taken at an early stage. From this basis,companies can secure existing or planned subscription business models and thus strengthen the trust ofbusiness partners and customers.