Case study

Reducing human risk in a regulated sector

Industry:
Utility (Energy)

Employees:
> 1,000

Revenue:
1,200 million € (2022)

DEW21 is a local energy supplier in Dortmund with around 1,000 employees. It operates in the regulated energy sector and is ISO 27001 certified in accordance with the Energy Industry Act. It supplies electricity, gas, water, and heat to around 600,000 people in and around Dortmund.

“In a crisis, no technology will help you – only resilient colleagues who keep a cool head even in such a stressful situation, apply what they have learned, and do their best to get the company back on track. SoSafe is the solution provider that helps us to get there quickly and to engage our employees in an appealing way.”

Jens Feistel
CISO DEW21

The challenge

Strengthening human risk management by fulfilling the requirements from regulations like NIS2

As one of the larger operators of critical infrastructure in Dortmund, DEW21 was looking for a security awareness solution that could be transferred smoothly to the other organizations in the 21 Group, would help with upcoming European regulations like NIS2, and would help them manage human risk better.

“In the midst of the regulated critical infrastructure sector, we face significant challenges, from implementing the NIS2 Implementation Act to adapting to the EU CER regulation. Together with the other infrastructure companies in the 21 Group in Dortmund, we were looking for solutions to overcome these challenges and build a robust online future in this regulated sector that we are in.”

Jens Feistel
CISO DEW21

The solution

Ready-to-use awareness training that adapts to changing needs, supports compliance, and encourages secure behaviors

SoSafe’s awareness training helps to meet NIS2 requirements for awareness training and risk analysis, and SoSafe’s best-practice recommendations can easily be extended to the rest of the group.

“Cyber security needs to be addressed in small, manageable doses on an ongoing basis. Regular phishing training, combined with the short e-learning sessions, does just that. And employees are now realizing that this is to their benefit because what they have learned is also helpful in their personal lives.”

Jens Feistel
CISO at DEW21

Increasing awareness through multichannel solutions:

  • E-learning and phishing simulations with little effort according to SoSafe recommendations
  • Use of the phishing report button and feedback from their IT service provider
  • Introduction of Sofie Rapid Awareness

The results

Paving the road for regulatory compliance while sustainably improving user resilience

Click rates of the phishing simulation were already significantly reduced in the first year and acceptance of the entire awareness campaign increased enormously after some initial skepticism.

“We now have well-sensitized employees who recognize suspicious emails early on and then proactively approach the email senders and individually reach out to them: ‘Hey, you might have a problem.’”

Jens Feistel
CISO DEW21

That’s why DEW21 recommends SoSafe:

  • Click rate decreased by 54% in the first year
  • Successful detection and reporting of the phishing simulation in 43% of cases
  • 4.9/5 rating by employees
