Blum-Novotest GmbH, based in Grünkraut near Ravensburg (Germany), is a global technology and innovation leader in measurement and testing technology. The company describes itself as a reliable partner to the global machine tool, automotive and aerospace industries. The company will be presenting its FormControl X software at the upcoming major industrial trade fairs AMB Stuttgart, IMTS Chicago and JIMTOF Tokyo. With this measuring and automation software, users can create complex measuring programs in a self-explanatory manner and automate machining processes by implementing closed control loops. But what else is the company interested in? Alexander Blum (AB) and Wolfgang Reiser (WR) provide the answers.

Mr. Blum, what changes do you see in the global production landscape?

AB: For some years now, we have been observing a clear trend towards five large blocs, which are formed around North America, Europe, Russia, India and China. Each of these blocks sees the need to have certain key industries in its own hands, including aerospace and defense, energy, semiconductors and medicine. Within the blocks there are highly productive production clusters, but also areas where simpler processes are automated. This relocation of production processes to the peripheral areas is a driver for automation, which is positive for us, because measuring in the process is a prerequisite for a lot of automation.

How is BLUM positioning itself for this changed world?

AB: We are installing Blum-Novotest Competence Centers (BNCC) in the USA, India and China. For Europe, our headquarters in Grünkraut is of course the Competence Center. These BNCCs are equipped with extended functions and competencies, such as local repair facilities or employees who carry out software adaptations for customer-specific processes or developments for local control systems. Product management is also being set up locally in order to reflect the requirements of the regions to us in Grünkraut. This enables us to better understand local markets and their requirements and supply them with suitable products and solutions. This gives local customers the security of receiving support even faster and with comprehensive expertise. The functional scope and size of this BNCC will continue to grow. This also changes our self-image - from "Made in Germany" to "Made by Blum-Novotest", as we have been doing for years. We are now an international company with employees at eye level in more than 20 countries.

The Competence Centers are of strategic importance for the emerging markets in particular. On the one hand, this brings more expertise directly to the local markets, and on the other hand, the local markets have the opportunity to exert more influence on future developments via the product managers. This involves, for example, control systems that are widely used locally, or adaptations and localizations in the user interface.

How are these developments reflected in BLUM products?

AB: We are constantly developing, and the high-end is increasingly being joined by an entry-level offering. However, this is not inferior, it is just simpler in some areas, for example by only providing the most important range of functions.

We will soon be introducing new products such as our Z-Nano LT+. This is a tool probe for tool length measurement and breakage detection, which will primarily appeal to customers who want to get into contact tool measurement. There are also existing products that fit well into these simpler process scenarios, such as our ZX-Speed series. Thanks to a multidirectional measuring mechanism, this probe can also perform radius measurements with a rotating tool by rotating the tool against the cutting direction as it touches the measuring disk. However, industry solutions such as laser measuring systems for drill-tap applications and simple machine concepts also open up the benefits of non-contact tool measurement technology to users in the entry-level sector.

At the same time, customers are also becoming more demanding ...

WR: The requirements of high-end customers continue to increase. Until recently, 5µ accuracy was sufficient, but now we are talking about 1µ and below. It is no longer just tool lengths and diameters that need to be measured, but entire cutting edge contours of circular segment cutters, for example. The result should then be visualized.

With LC-VISION, BLUM has an intuitive measuring software for the laser measuring systems in its portfolio ...

WR: With LC-VISION, not only can entire measurement sequences be visualized and evaluated, but a variety of measurement tasks can also be generated on the control screen without NC programming knowledge. Wear can be measured precisely and tools can be used up to the wear limit. The user can also analyze the progression of wear and compare tools from different manufacturers, for example. Last but not least, our DIGILOG technology produces high-quality data that is ideal for further processing using artificial intelligence.

In networked environments, the measured values can also move with the tool thanks to LC-VISION. Tools can be exchanged between machines and the new machine knows the last measurement and wear values of the tool directly. Monitoring tool wear - together with consistent use until the end of wear - offers enormous savings potential.

The flexibilization of production also means that many different workpieces need to be processed one after the other - automatically and without compromising on quality, of course. When a robot inserts the parts, the position must be measured after insertion and the processing adjusted. Success is checked after processing.

What solutions do you offer for this?

WR: Our FormControl X measuring and automation software is now available for these tasks. With FormControl X, users can create complex measurement programs in a self-explanatory way, automate machining processes by implementing closed control loops and make the measurement results usable in the sense of Industry 4.0. This makes manufacturing processes more transparent and faster, and optimizes the quality and manufacturing costs of the finished workpieces. This is not possible with a measurement in the measuring room alone, or is a major blind flight, as production continues until the measurement is taken in the measuring room and, in the worst case, only then is a deviation detected.

Let's take a look into the future: where are developments in measurement technology heading?

WR: I firmly believe in self-optimizing processes. Today, we often have the problem that the cutting tools are not manufactured as precisely as would be necessary to achieve the desired precision. If the machine measures the tools before machining, it can compensate for these deviations, as well as for wear. This is already possible today, but I believe we are moving faster and faster along this path. The machines optimize themselves and relieve the burden on competent operators, who no longer have to worry about many things themselves.

Further information: Blum-Novotest GmbH

Time and again, publications discuss the major threat to cyber security posed by employees. In particular, the focus is on disgruntled, bribed or angry former employees who have had data stolen. Human error is also regularly identified as another crucial and dangerous factor for cyber security. They can lead to serious security incidents resulting from carelessness within the workforce. Regular data security training for teams is therefore standard in most companies today, as is support from a modern IT security infrastructure. But how high do company managers actually consider the risk from within to be?

The cyber security service provider Sophos commissioned the market research institute Ipsos to survey representatives from C-level management (and explicitly not IT managers) in Germany, Austria and Switzerland on this question. Overall, the results show that managers in the three countries have a high level of trust in their workforces, both across industries and across smaller and larger companies.

Austria places great trust in its employees

Significantly more than half (64% in total) and remarkably more than in neighboring countries, Austrian managers rated the risk posed by their teams as very low (34%) or low (30%). Austrian retailers in particular have great confidence in their employees - as many as 62.5% of respondents believe that employees pose no risk. In general, it is also clear that it is the larger companies (200 employees or more) that rely on the safety awareness of their employees (46.2%). In the neighboring country, only 2 percent rate the danger from within as high; unlike in Germany and Switzerland, no one thinks it is very high.

Germany is generally confident

In Germany, too, more than half (56.7% in total) of the managers surveyed say that they consider the risk of security incidents triggered by employees to be very low (25.9%) or low (30.8%). A total of 26.9% see a medium risk, with even more caution among the representatives from retail companies surveyed, 35.5% of whom assume a medium risk. In Germany, only 1.5% of bosses consider the possibility of security incidents by employees to be particularly high.

For Switzerland: trust is good, caution makes sense

Swiss company managers are slightly less optimistic than their counterparts in neighboring countries when it comes to the level of cybersecurity awareness among the workforce. Here, slightly less than half of respondents (48% in total) believe that the risk from within is very low or low (24% in each case). Management in the manufacturing sector are particularly confident in this regard, with 42.1% of them describing the insider threat as very low. In Switzerland, 32% of those surveyed believe that the risk is medium, while only 2% of respondents in Switzerland rate it as very high.

Source: Sophos

This year's study "Swiss hospitals: This is how healthy their finances were in 2023" by PwC Switzerland speaks plainly: the financial situation of Swiss hospitals is alarming. Some cantons have already taken out rescue packages, and others are likely to follow. This raises the question of which facilities are still necessary and sustainable and which are not. The planned packages are likely to cost Swiss taxpayers over CHF 1 billion a year in view of the gaps and the support already provided, the study calculates. The study was conducted in July 2024 on the basis of the published annual accounts of 44 acute hospitals and 12 psychiatric clinics. In order to reflect the reality in practice, the study contains excursuses on various key topics and three interviews on best practice with renowned industry personalities.

Existential threat to acute care

According to PwC, the financial year 2023 shows worrying health figures for acute hospitals: eroding margins, falling liquidity, declining equity ratios. As tariff adjustments did not keep pace with inflation, the median EBITDAR margin shrank to a worrying 3.6 %, which is significantly below the industry target of 10 % defined by PwC and also marks the lowest level since the introduction of the SwissDRG tariff system in 2012.

In 2023, even more hospitals will be making losses than in the previous year. In view of the current financial results, hardly any of the study hospitals could survive on their own financial strength in the long term. This presents the cantons, as planners of healthcare provision, with difficult decisions with far-reaching consequences for the Swiss healthcare system. Patrick Schwendener, Head of Healthcare Deals at PwC Switzerland, comments: "Although many hospitals and their owners are aiming for an EBITDAR margin of 8 % to 10 %, they are not operating profit-oriented. This attitude sends out the wrong signals and ultimately jeopardizes the existence of the facilities." 

Psychiatric clinics continue to grow

Psychiatric clinics increased their total revenue by a median of 4.8 % in 2023 to a new record high. Growth was driven by a substantial increase in inpatient and outpatient revenue. The latter increased by a median of 11.6 % compared to the previous year. The EBITDAR margin climbed to a median of 8.1 %. Accordingly, psychiatric clinics are also sufficiently liquid to meet their short-term payment obligations. High capacity utilization, the necessary investment volumes and the worsening shortage of specialists remain key challenges in this segment. 

First aid yes, but

Since the beginning of 2022, the structural adjustment of the Swiss hospital landscape has accelerated due to financial challenges and a lack of specialists. System-related consolidation makes sense, but an uncoordinated approach can distort competition and prevent sensible structural adjustments. The cantons' planned first aid measures are likely to cost Swiss taxpayers a cumulative total of over CHF 1 billion per year. Philip Sommer, Head of Healthcare Consulting at PwC Switzerland, comments on this fact as follows: "Rescue packages are not a sustainable solution. In the long term, reforms are necessary to ensure the efficiency and stability of healthcare provision."

Systemic relevance as a key criterion

As a key argument for a targeted rescue of hospitals, PwC recommends focusing on the systemic relevance of individual facilities. A facility is systemically relevant if its closure would have a fundamental impact on the healthcare region. Whether for equity or debt subsidies, guarantees, compensation for public services, takeovers or rescue companies: In the decision-making process for restructuring, the cantons must define a suitable set of instruments for each individual hospital in an objective and owner-neutral manner and communicate them openly. Stefanie Schneuwly, Senior Manager Consulting Healthcare at PwC Switzerland, explains: "Hospitals that receive financial support from the cantons must be measured against clear criteria and requirements. This should be made transparent."

Politically preventing collapse

The current crisis is structural in nature and has grown over the years. Cost pressure, labour shortages, poorly financed outpatient care, a lack of necessary investment in digital transformation or infrastructural modernization and a lack of networking of hospital structures are putting financial pressure on hospitals. In order to prevent the collapse of the high-quality Swiss healthcare system and provide incentives for integrated, networked care, PwC believes that political adjustments to the framework conditions are necessary. The regulatory authorities should create better framework conditions, for example by using the uniform financing of outpatient and inpatient services directly for the right incentives in the tariff systems, adjusting the tariff systems more quickly to the cost reality via inflation adjustments, reducing the regulatory requirements in order to promote innovative care models and focusing on quality in the long term.

Source: PwC

The 155th Annual General Meeting of the SVTI Swiss Association for Technical Inspections was all about looking to the future. However, the SVTI can also look back on a successful year, as the 2023 annual report shows. 

2023 from the perspective of the Executive Board and management

The SVTI can therefore look back on a pleasing financial year 2023. According to the annual report, all inspectorates recorded a positive business performance and the inspectors and experts were well utilized. The inspectorates are set up with a view to the future and meet the requirements of the clients in the best possible way, the report continues. The development of the SVTI Group with the Swiss Safety Center and the branches was also positive. The strategy of consolidating all freelance activities in the Swiss Safety Center has proven successful and will be further expanded, the Board of Directors and Executive Board announced.

From the SVTI inspectorates

The Boiler Inspectorate under the new leadership of Dr. René Burkhard was pleased to note that once again more devices were registered than deregistered. The Swiss Lift Day, the second edition of which was organized by the Swiss Federal Inspectorate for Lifts (EIA) in Wallisellen in June 2023, has established itself as an event and meeting place for all those interested in elevators. At the Federal Pipeline Inspectorate, a working group examined the necessary amendments to the Pipeline Ordinance (RLV) and the Pipeline Safety Ordinance (RLSV) in order to create the technical requirements for new hydrogen pipelines. In the Nuclear Inspectorate, the "echolyst - Impact-Echo-System" was promoted as a development priority. The Pressure Equipment Market Surveillance Department carried out a random sampling program to ensure that recalls and warnings were issued for products that were already on the market.

Sustainability and innovation at the SVTI Group

In 2023, various sustainable measures were implemented at the SVTI Group, including the installation of charging stations for electric cars. This will be followed in 2024 by a photovoltaic system on the flat roof of the Richtistrasse 15 building in Wallisellen. In the area of innovation, the focus is on new non-destructive testing methods and supporting industry with decarbonization. For example, a project entitled "Use of blockchain technologies in testing processes" is being financed from the innovation fund. Sustainability, innovation and our role as an attractive employer are values that contribute significantly to our continued success.

The topic of AI has also arrived at the SVTI

A novelty in the SVTI's digital annual report is that the AI-generated Kayla Klarissa provides a lively review of the year. in the form of a video granted on the 2023 highlights.

Prof. Dr. Benjamin F. Grewe from ETH Zurich gave a talk on "A brief history of artificial and natural intelligence" at the 155th association meeting, which was less AI-based and more AI-driven and in line with current developments.

Source and further information: www.svti.ch

Around 60 percent of companies in Germany, Austria and Switzerland (DACH region) have fallen victim to a cyber attack at least once in the last two years. This is according to the "Cyber Security Report DACH 2024" by security firm Horizon3.ai. A sample of 300 companies was examined for the report. According to the report, well over a third (37%) of companies reported a specific incident. Just under a quarter (23%) did detect a hacker attack from the Internet, but were able to fend it off completely according to their own statements. 28% of the companies contacted by Horizon3.ai do not even know whether or not they have fallen victim to a cyber attack in the last 24 months. Only 12 percent of companies say "We are certain that we have not been attacked."

Almost a quarter were attacked three or more times

According to the "Cyber Security Report DACH 2024", almost a quarter of companies (23%) were exposed to a hacker attack three times and a further 12% even more frequently in the two years surveyed. A further 18% were "only" attacked twice during this period and 11% once from the internet. "The number of unreported cases is likely to be many times higher," suspects Rainer M. Richter, Head of Europe and Asia at the security company Horizon3.ai, which published the study. He fears: "In view of around 70 new vulnerabilities in software programs that are discovered every day and the growing complexity of computer and network environments, many companies have long since lost track of how vulnerable they really are and how often they are actually attacked. Cases of attackers roaming around company networks for months on end and tapping into confidential data without being noticed are well known. Many attacks only come to light when there is an immediate impact on ongoing operations or a ransom note appears on the screen."

Downtime, financial losses, legal consequences and data theft

According to the "Cyber Security Report DACH 2024", 63% of the companies surveyed had suffered downtime due to a cyberattack in the two years under review. 42 percent (multiple answers were requested) suffered financial damage as a result. 36 percent suffered legal consequences. In 34 percent of all cases, data was stolen. 29 percent of companies received a ransom demand in order to release data encrypted by hackers. 

Security expert Rainer M. Richter is surprised: "Many board members, managing directors and IT managers don't seem to realize that, in addition to the consequences for their company, they can also face personal liability if a cyber attack causes serious damage. In these cases, it is up to them to prove that they have done or ordered everything humanly possible to prevent sensitive customer data from being stolen, for example."

Widespread naivety at management level

The participants selected for the survey predominantly hold a position of responsibility in their company: Chief Information Security Officer (23 percent), Team Leader IT (21 percent), Chief Information Officer (18 percent), Chief Technology Officer (13 percent) and System Administrator (7 percent). "According to the survey, half of those personally affected do not expect to be held liable for potential damage," says Rainer M. Richter, surprised at the widespread naivety of managers when it comes to cyber risks.

The cyber security expert warns of a security chaos: "The economy is urgently called upon to do its homework when it comes to cyber security. The waves of attacks will be AI The pace of cyberattacks is becoming increasingly faster and more aggressive, while at the same time more and more devices are being connected to the company network through home office and the Internet of Things, making the gateways for hackers visibly larger. The gap between the level of risk and the level of protection is therefore widening." 

Penetration tests against security chaos

Rainer M. Richter advises companies to "carry out penetration tests with great frequency in order to continuously check their cyber resilience." During such a test, an attack is carried out on the company's own premises in order to detect security vulnerabilities. In the financial sector, the European banking supervisory authority carries out regular penetration tests under the term "stress test" to check the financial institutions' ability to defend themselves against hacker attacks. "I advise every board member, managing director, authorized signatory and IT manager from all other sectors to regularly subject their own company to this kind of acid test," says the Head of Europe and Asia at Horizon3.ai, certainly not entirely altruistically, as his employer operates a platform called NodeZero, which aims to make such penetration tests affordable for SMEs.

Source: www.horizon3.ai 

Experience shows that an important component of successful risk management strategies is process automation and process management. Both lead to greater consistency, efficiency and accountability across the organization. "Essentially, automation ensures that processes are carried out in accordance with established policies and regulations, reducing legal risk. Automation enables real-time monitoring and reporting of operational activities, allowing businesses to identify and address risks immediately. Important points when you consider that the new NIS2 directive is also coming into force soon," clarifies Cosima von Kries from Nintex, a provider of process intelligence and automation solutions. 

Many companies fail

However, many companies fail to introduce these technologies or do not exploit their full potential. This leads to uncertainties, disagreements among management and employees and can ultimately also cause security-related difficulties. Any technology is only as good as the user who operates it and the database that is used. "If companies are fit in the area of process automation and processing the right database, they can also implement the NIS2 directive or ISO 27001 very well. They then know, for example, how security incidents are reported digitally or how emergency plans are immediately initiated automatically depending on the security incident that has occurred. However, many companies are not aware of this and only think of pure security measures and tools when it comes to guidelines relating to information security or cyber security. But it goes much deeper and further. Only the right process automation helps companies to create holistic structures in which security guidelines can work effectively," Cosima von Kries goes into further detail. 

5 tips on how companies can improve their risk management

It therefore recommends that companies take the following five steps to successfully implement a process automation project and thus significantly improve risk management: 

1. Start step by step

Even though all the goals of the project are important, it is crucial to start small. Rather than trying to automate an entire process, it's best to narrow the focus of the implementation team. First, identify the areas in cybersecurity and information security infrastructure where process automation makes the most sense. The identified processes are evaluated according to their complexity, frequency and the potential risk associated with their manual execution. These can be, for example, recurring tasks such as patch management, log analysis, threat prevention, incident reporting or compliance monitoring.

Smaller, incremental changes can be reviewed and adapted more quickly. Successes encourage managers and employees to take the next step. Customers also benefit from the positive effects. A gradual changeover creates a culture of continuous improvement towards leaner processes and improved risk management. 

2. Communicate benefits clearly

Managers should involve employees in the change process at an early stage. They should inform their teams comprehensively about the benefits, procedures and change steps, as well as why information and cybersecurity are of the utmost importance in the company and why the implementation of various guidelines is a top priority. Employees who are aware of the benefits for the company and for their own way of working are more motivated to participate in the change. They also feel involved in the cultural change, valued in their work and supported by the new software. 

The first step is to document all processes in detail and then evaluate which processes can be automated and how effectively. It provides comprehensive information on how tasks are carried out, which roles and responsibilities are involved and what the overall workflow looks like. Based on this information, the second step is to identify opportunities for improvement, streamline processes and reduce risks by reducing procedural deviations.

3. Stay human-centered 

Effective risk management in companies focuses on the people who work there and remains so, no matter what stage of implementation and change the process automation project is at. Through targeted training and a culture of open exchange, companies can empower their employees to recognize potential risks at an early stage and act proactively. Involving all team members in decision-making processes and valuing their perspectives not only promotes trust, but also the company's innovative strength. A strong, informed and committed workforce thus forms the backbone of successful risk management that can react flexibly and resiliently to challenges.

4. Introducing technology even in highly regulated sectors 

Companies operating in highly regulated sectors, such as financial services, healthcare or the public sector, are generally reluctant to introduce new technologies. However, the potential benefits of process automation can be even greater here than in other business sectors. Process automation is particularly beneficial here, as it helps to meet compliance requirements, ensure data integrity and security, minimize errors, increase efficiency, improve transparency and traceability, and increase adaptability to regulatory changes. 

These benefits help to reduce the business risk, time and effort normally associated with adapting manual processes to new regulatory requirements and lead to cost savings as well as better resource utilization by significantly reducing redundant or manual tasks.

5. Avoid unintended risks 

Used correctly, process automation significantly reduces business risk. Used incorrectly, on the other hand, process automation can sometimes unintentionally introduce risk in the form of data breaches, privacy concerns and non-compliance. Therefore, it is critical that organizations implement governance mechanisms and data hygiene practices to identify and assess risks, implement controls to mitigate risks and ensure compliance with industry standards and regulations.

Automating complex, error-prone process steps ensures that they are carried out correctly every time. This reduces the risk of human error and costly consequences or reputational damage. Automated monitoring helps with regular checks and adjustments, e.g. to new guidelines such as NIS2, as well as quickly implementing improvements where necessary. 

Source and more information about the Nintex Process Platform: https://www.nintex.de/prozessplattform/

Artificial intelligence offers many opportunities and has great user potential. But there is also the other side of the coin: AI can also be used for criminal purposes. An analysis by Trend Micro shows the latest developments and highlights the threats that can be expected in the near future.

Jailbreaking-as-a-Service

While AI technologies are rapidly gaining acceptance in the business world, attempts to develop their own cybercriminal Large Language Models (LLMs) were largely abandoned in the cybercrime world last year. Instead, criminals shifted their focus to "jailbreaking" existing models, i.e. using special tricks to get them to bypass their integrated security measures. There are now offers such as Jailbreaking-as-a-Service. Criminals use sophisticated techniques to get LLMs to respond to requests that should actually be blocked. These techniques range from role-playing games and hypothetical scenarios to the use of foreign languages. Service providers such as OpenAI or Google are working on closing these security gaps. Cybercriminal users, in turn, have to resort to more sophisticated jailbreaking prompts. This has created a market for a new class of criminal services in the form of chatbot offerings for jailbreaking.

"Cybercriminals have been abusing AI long before the recent hype around generative AI in the IT industry. That's why we delved into the criminal underground forums to find out how cybercriminals actually use and deploy AI to achieve their goals and what kind of AI-powered criminal services are being offered," explains David Sancho, Senior Threat Researcher at Trend Micro. "We've looked at the underground conversations about AI and found that interest in generative AI has followed general market trends, but adoption seems to be lagging behind. We've also seen LLM offerings from criminals for criminals. These include FraudGPT, DarkBARD, DarkBERT and DarkGPT, which have many similarities. For this reason, we suspect that they most likely function as wrapper services for the legitimate ChatGPT or Google BARD - we call them Jailbreaking-as-a-Service services," David Sancho continued. "We have also investigated other potentially fake criminal LLM offerings: WolfGPT, XXXGPT and Evil-GPT. We are also looking at deepfake services for criminals: We've seen pricing and some early business models around these AI-powered fake images and videos."

Deepfake services on the rise

Deepfakes have been around for some time, but only recently have real cybercriminal offers been discovered. Criminals are offering deepfake services to bypass identity verification systems. This is becoming an increasing problem, particularly in the financial sector, as banks and cryptocurrency exchanges demand ever more stringent checks. Deepfakes are becoming cheaper and easier to create. Cybercriminals are using this technology to create fake images and videos that can fool even advanced security systems. A stolen ID document is often enough to create a convincing fake image.

What does this mean for the future?

Developments show that criminals are constantly finding new ways to misuse AI technologies. Although there has been no major disruption so far, it is only a matter of time before more serious attacks can be expected. Companies and private individuals must therefore remain vigilant and constantly improve their cyber security measures in order to be prepared for these threats. Three fundamental rules of cybercriminal business models will determine when malicious actors target GenAI on a large scale:

1. Criminals want an easy life: The aim is to achieve a certain economic result with as little effort and as little risk as possible.
2. New technologies must be better than existing tools: Criminals only adopt new technologies if the return on investment is higher than with existing methods.
3. Evolution instead of revolution: Criminals prefer gradual adjustments rather than comprehensive revisions in order to avoid new risk factors.

Conclusion: cybercriminal use of AI is only just beginning

The need for secure, anonymous and untraceable access to LLMs remains. This will encourage cybercriminal services to keep exploiting new LLMs that are easier to jailbreak or tailored to their specific needs. There are currently more than 6,700 readily available LLMs on the AI community platform Hugging Face. It can also be assumed that more and more old and new criminal tools will integrate GenAI functions. Cybercriminals have only just begun to scratch the surface of the real possibilities that GenAI offers them.

Trend Micro has compiled further information on this topic in a blog:

• https://www.trendmicro.com/de_de/research/24/e/ki-cybercrime-jailbreaks-bestehender-llm-modelle.html
• https://www.trendmicro.com/de_de/research/24/e/generative-ki-tools-fur-deepfakes.html

Many companies in Europe are already in the impact phase of using AI with regard to their employee experience: 79% of employee experience (EX) experts report a significant improvement in the quality of work of their employees as a result of AI. This is shown by the Employee Experience Report 2024a worldwide survey of 800 EX managers by Zendesk. 

AI increases efficiency and quality of work

"AI has already revolutionized the customer experience through personalization and increased efficiency. Now we are also seeing this development in the employee experience," says Tanja Hilpert, VP Central Europe (DACH & CEE) at Zendesk. "Not only do consumers benefit from AI technologies in their interactions with companies, but employees are also experiencing more and more advantages."

According to the survey, EX managers are increasingly adapting new working practices and tools to support their teams. In particular, they expect this to boost the productivity and satisfaction of their employees and give them a competitive advantage over their competitors. The following key findings emerge from the survey: 

• EX managers supplement their human team with supporting AI agents
• The introduction of self-service tools meets employee expectations in terms of flexibility and personalization 
• Employees are increasingly using AI-supported data analyses as a strategic basis for decision-making. 

Digital expansion of the team 

While the recruitment and induction of new employees used to take place on site in most cases, it is now increasingly taking place remotely. Consequently, the IT and HR decision-makers surveyed are increasingly relying on AI-based training and workflows: 35 percent want to expand their offerings. 

To strengthen their teams, EX managers expand their human team with AI agents that support employees support as co-pilots. 81% of those surveyed expect the integration of such AI solutions into EX to enable employees to solve complex tasks more effectively. This includes, for example, analyzing extensive data sets to derive corporate strategies. 79 percent of EX experts already recognize an improvement in the quality of employees' work through AI. Almost half (44%) cite faster data processing and higher productivity as important factors. 

Flexibility and personalization through self-service 

Respondents are aware that flexible working is essential for an optimal work experience. 84% consider the freedom to choose where to work to be an important factor that can contribute to work-life balance. Companies also benefit from this: 87% of managers consider flexible working hours to be crucial for increasing productivity. 

At the same time, decision-makers are increasingly relying on personalized EX solutions. This includes the use of AI-based platforms for employee training, for example. These platforms take into account the skills and learning styles of individuals instead of a one-size-fits-all approach. Personalized training, in turn, enables managers to identify individual development opportunities. Based on AI-supported data analysis, managers can offer each team member the best possible personal support - regardless of where they work. 36% of respondents already use AI to personalize EX. 

Self-service solutions are one possible answer to the increased expectations of flexibility and personalization. The use of such tools is driven by the positive impact of self-service and AI technologies on productivity and employee satisfaction, which 80 percent of EX executives observe. Accordingly, 84% of respondents have already invested in HR platforms that offer their employees self-service options. 

Data-based performance assessment 

Many employer experience experts are struggling with increasing flexibility in the workplace. Two-thirds of respondents cite accurately measuring productivity while working from home as a key challenge. New, data-driven approaches are needed to recognize performance in the remote age. EX leaders are therefore turning to AI-powered data analytics to assess engagement and productivity and optimize employee satisfaction. 

Source: Zendesk

The International SOS Foundation sees itself as an ambassador for the topic of duty of care. It was founded in 2011 to improve the safety, health and well-being of people traveling or working abroad for work-related reasons. The foundation has now published a white paper in collaboration with the Lausanne law firm r&associés avocats. The white paper in English summarizes the basic parts of the guideline published by the International Organization for Standardization in 2021. "ISO 31030:2021 Travel risk management. Guidance for organizations" together. It presents a systematic approach to travel risk management and makes recommendations with regard to the implementation of the ISO 31030 guideline so that Swiss companies can more easily fulfill their duty of care.

Possibility of an international benchmark

"To ensure effective travel risk management in compliance with the duty of care, a systematic approach is essential. This includes the development, implementation, assessment and review of an integrated and tailored travel risk management system that is aligned with the ISO 31030 guideline," says the current Co-President of the Association of Swiss Travel Management, Dominic Short. "The new guide, which we have developed together with the International SOS Foundation, provides Swiss companies with such an approach and lists measures with which they can meet the requirements of the ISO 31030 guideline," Short continues.

"The ISO 31030 guideline finally offers companies the possibility of an international benchmark and a step-by-step guide to the points companies should consider for comprehensive travel risk management," adds Wolfgang Hofmann, Regional Security Manager at International SOS.

Goal: Development of a global standard for travel risk management

The travel risk management sector has evolved considerably in recent years, primarily due to complex health and safety incidents. These developments have increased the need for regulatory adjustments and a clear response. To address this need, the International Organization for Standardization has published the ISO 31030 guidelines. The aim is to create a global standard that applies to companies and organizations regardless of their industry or size. The standard is intended to contribute to the comprehensive protection of employees' health and safety. At the same time, it aims to minimize operational, legal and reputational risks associated with work-related activities when business travelers are away from their usual workplace.

International SOS is making the new white paper available for companies to download free of charge at
ISO 31030:2021 Travel Risk Management | Ensuring compliance for Swiss organizations

Source: www.internationalsosfoundation.org

The Digital Trust Label (DTL) was launched in January 2022to promote trust and transparency in digital services. Building on this, the list of criteria has now been expanded to better incorporate AI. This was done in a comprehensive and collaborative process with partners and the Digital Trust Expert Group. "Similar to an organic label or a nutritional value table, the Digital Trust Label acts as a seal of trust for the digital world," explains Doris Leuthard, President of the SDI Foundation Board. "With this updated set of criteria, the DTL is now AI-ready and closes the current gap between the increasing demand for AI and evolving regulation. The DTL enables companies to advance the use of AI in a trustworthy manner."

Verifiable catalog of criteria

The updated set of criteria serves not only as a basis for DTL certifications, but also as guidance for organizations that want to harness the potential of AI in a responsible and trustworthy manner while protecting the end users of AI-powered digital services. As AI continues to evolve, the SDI will also publish further guidance. This expansion will make the DTL an important tool for digital service providers to maintain and build user trust, especially when using generative AI (GenAI). In the face of increasing regulations around the world and the proliferation of principles, the DTL remains unique in that it operationalizes abstract values and principles in a verifiable set of criteria. As regulations and standards catch up, the DTL offers a solution that already increases transparency for end users of digital services.

If you want to benefit from AI, you have to be trustworthy

Since its foundation in 2020, the SDI has been working on the topic of digital trust, a topic that is becoming even more important with AI. The question of
Trustworthiness of AI systems and the integrity of data inputs and outputs slows down acceptance and fuels mistrust among users and companies alike. Building on the proven DTL criteria catalog, the additional criteria specifically address the trust issues raised by AI and GenAI. Along the existing DTL dimensions - security, privacy, reliability and fair user interaction - the AI-specific criteria mention, for example, information and transparency obligations towards end users, risk management procedures, address biases in algorithmic systems and ethical considerations regarding training data.

A practical and pragmatic solution in a time of uncertainty

Since the Swiss Digital Initiative was founded, the non-profit foundation based in Geneva has been working on putting ethical principles into practice and bringing together experts, practitioners and providers of digital services in a collaborative process. The Digital Trust Label puts the end user of digital services at the center and provides digital service providers with a tool to clearly communicate their adherence to trustworthy practices. Organizations that have already received the DTL for a digital service include Cisco, Credit Exchange, Julius Baer, Kudelski IoT, OneLog, PeopleWeek, Swisscom, Swiss Post, Swiss Re, Tresorit, UNICEF and Wefox. The DTL can also be licensed as a functioning audit system, which is an interesting option for companies that want to certify the trustworthiness of digital services.

Source and further information: Swiss Digital Initiative