What do the Landis & Gyr and Siemens Building Technologies examples show about organizing (security in) global companies?
Two contrasting models: centralized leadership from one headquarters vs. organization by country subsidiaries and parent houses — each shaping how security must be organized.
- Landis & Gyr (shortly after the Siemens takeover): central leadership from the HQ in Zug — Geschäftsleitung with Stäbe und Linien at the center, four regions (Schweiz, EMEA, Americas, Asia-Pacific) below, spanning 189 countries and ~500 sites
- SBT (3 years after the takeover): organized by Landesgesellschaften (192 country subsidiaries) and 12 Stammhäuser (parent houses), ~600 sites — far more decentralized
The lesson: after mergers, structures evolve — and the information security organization must mirror the company's structure (one of the requirements for InfoSec organizations). A centrally led company supports a central security team with global directives; a country-subsidiary model needs local security officers coordinated by a small central function.
Tip: Neither model is "right" — but a mismatch (central security in a decentralized company, or vice versa) reliably fails.