26.02.2026 | 3 Images

Positive development: Three-quarters of management teams feel responsible for IT security

G DATA study shows: As hierarchical levels decrease, the sense of responsibility declines significantly
G DATA Cybersicherheit in Zahlen Persönliche Verantwortung © G DATA CyberDefense AG

77 percent of management teams in Germany feel personally very responsible for their company's IT security.

This press release has:
NIS-2 is effective and firmly establishes cybersecurity as a management task in German companies. 77 percent of management teams in Germany feel personally very responsible for their company's IT security. This is a key finding of the latest study, “Cybersicherheit in Zahlen” conducted by G DATA CyberDefense, Statista and brand eins. However, the survey also shows that the majority of employees do not know to what extent they are personally responsible for IT security in their company.

Press release Plain text

While the second EU Directive on Network and Information Security (NIS-2) clearly places strategic responsibility at the management level, there is a significant gap within companies. Personal responsibility for IT security is closely linked to hierarchy. According to the study “Cybersicherheit in Zahlen” by G DATA, Statista, and brand eins, 77 percent of senior management feel strongly responsible, followed by three out of five division managers, just under half of department managers, and 41 percent of team leaders. This makes it clear that the intensity of the sense of responsibility follows the respective leadership role. Against the backdrop of regulatory developments such as the NIS 2 Directive or the Cyber Resilience Act (CRA), a heightened sense of responsibility can be seen, particularly at the strategic level.

“The NIS 2 Directive is having an impact: cybersecurity has now clearly become a management task in the boardroom”, says Andreas Lüning, co-founder and CEO of G DATA CyberDefense AG. “Now we need to consistently carry this sense of responsibility throughout the entire company – because true cyber resilience only comes about when each and every individual understands IT security as part of their own job.”

Security culture in companies has room for improvement
Basically, there is an awareness of the importance of IT security. The picture is threefold: one-third of employees say they feel only partially responsible. Thirty-four percent of those surveyed feel strongly to very strongly responsible for IT security. Another third feel only slightly responsible or not responsible at all. While managers clearly define their role, the picture is more nuanced among employees without management positions: almost a quarter feel very responsible, but 43 percent feel not responsible at all.

This presents a clear opportunity for companies: to leverage the already strong sense of responsibility among management to establish IT security even more consistently as part of the corporate culture. Cyber resilience does not arise solely from technical measures or guidelines. It develops when employees recognize their own effectiveness, for example, in dealing with phishing emails, using secure passwords, or reporting suspicious incidents.

“Cybersicherheit in Zahlen” available for download
“Cybersicherheit in Zahlen” has been published for the fifth time and is characterized by a high density of information and particular methodological depth: More than 5.000 employees in Germany were surveyed as part of a representative online study on cybersecurity in a professional and private context. The experts at Statista closely monitored the survey and, thanks to a sample size that far exceeds the industry standard, are able to present reliable and valid market research results in the magazine “Cybersicherheit in Zahlen”. In addition, the market researchers have compiled figures, data, and facts from more than 300 statistics into a comprehensive reference work on IT security.

Here you can donwload “Cybersicherheit in Zahlen”.

G DATA CyberDefense AG is a leading German company in the field of IT security. Since 1985, the company based in Bochum has stood for digital security “Made in Germany”.

More than 500 experts protect businesses, public authorities, and private users every day with modular solutions that seamlessly combine software and services:

  • Managed Extended Detection and Response (MXDR)
  • Endpoint Security for Businesses
  • Security Awareness Training
  • IT security services such as penetration testing, incident response, and forensic analysis

Transparency, data protection, and digital sovereignty are the cornerstones of the company’s security strategy. For this reason, G DATA develops and operates its solutions in Germany. With its no-backdoor guarantee and ISO 27001 certification, the company helps businesses and organizations meet regulatory requirements. In doing so, G DATA lays the foundation for CyberVertrauen and a secure, resilient future.

G DATA. Trust in German Sicherheit.

All contents of this press release as .zip:

Direct download

Release text 3283 Characters

Plain text Copy release text

Images (3)

G DATA Cybersicherheit in Zahlen Persönliche Verantwortung
574 x 440 © G DATA CyberDefense AG
G DATA Andreas Lüning Cybersicherheit in Zahlen
1 800 x 1 200 © G DATA CyberDefense AG
G DATA Cybersicherheit in Zahlen Persönliche Verantwortung 300dpi
2 391 x 1 833 © G DATA CyberDefense AG


Contact

(1) Vera Haake
Vera Haake
Leitung Unternehmenskommunikation / Head of Corporate Communications

+49 234 9762 - 376
vera.haake@gdata.de