On a more general level, all business models being critically based on processing data in IT-systems – which applies to most market segments in the 21st century – are to a greater or lesser extent sensitive to IT security threats. However, a particular risk can be seen for business models based on critical infrastructure and business models based on innovative products and services.

The business model of provision of infrastructure is entirely based upon continuous availability that is possibly even legally guaranteed. Such a business model therefore creates a need to eliminate risks of system fails and security breaches due to cyber-threats to the maximum extent possible, e.g. through building up of redundancies.

Business models based upon (constant) innovation require effective defence against threats of cyber-espionage, especially if intellectual property rights cannot be enforced effectively on all markets addressed, e.g. due to legal constraints, or due to mere practical reasons in certain jurisdictions. These business models are particularly sensitive to threats against integrity and confidentiality of data.