A representative study by G DATA reveals positive trends alongside organisational shortcomings
Contingency plans are well established in the German business landscape: 97 percent of companies have a basic action plan in place in the event of a successful cyberattack. This is one of the findings of the representative study “Cybersicherheit in Zahlen” by G DATA CyberDefense, Statista and brand eins. Half of the companies surveyed use technical measures to contain the incident. Only a third of those surveyed seek external support from experts. The study shows that the business sector is well on the way to achieving resilience. However, there is still a considerable need for action with regard to the necessary scope of measures.
Every company has a fire safety plan in place in the event of a fire. That way, everyone knows what to do. Companies should also be prepared for a successful cyberattack and have a contingency plan in place for this. Without such a plan, there is a risk of chaos and panic-stricken action in a situation where a systematic approach is vital to minimise damage and restore operational capability quickly. Fortunately, “Cybersicherheit in Zahlen” shows that almost all companies in Germany have an emergency plan in place. However, a closer look at the measures taken as part of these guidelines reveals significant shortcomings: only 51 percent of those surveyed use technical measures to mitigate attacks, and fewer than half rely on regular training and emergency drills. Similarly, forensic analyses to investigate the causes (34 percent) and collaboration with external incident response teams (32 percent) are only part of the contingency plan in a few companies.
“The results show that resilience to cyber-attacks is increasingly becoming the norm in German companies – an important step towards digital competitiveness. However, decades of experience in IT security make one thing clear: a contingency plan only achieves its full potential when it is regularly practised, technically supported and complemented by the right partners. The task now is to turn good preparation into genuine operational capability”, says Andreas Lüning, co-founder and CEO of G DATA CyberDefense.
Resilience requires comprehensive measuresParticularly in the event of ransomware attacks or data protection incidents, organisations must make decisions within a very short timeframe, inform internal and external stakeholders, and comply with regulatory requirements. A lack of communication and escalation processes leads to delays, which further exacerbate the damage. It is therefore essential for IT managers to take a comprehensive approach to contingency planning, rather than focusing solely on the technical aspects. Regular crisis drills, clear decision-making structures and pre-prepared communication processes for customers, partners, authorities and the media are essential.
Cybersichherheit in Zahlen – available for download“Cybersicherheit in Zahlen” is now in its fourth edition and is characterised by a high density of information and particular methodological depth: the market researchers at Statista have compiled figures, data and facts from more than 300 statistics into a unique comprehensive work. More than 5,000 employees in Germany were surveyed as part of a representative online study on cyber security in both professional and private contexts. The experts at Statista closely supervised the survey and, thanks to a sample size that far exceeds the industry standard, are able to present reliable and valid market research conclusions in the magazine “Cybersicherheit in Zahlen”.
The “Cybersicherheit in Zahlen” magazine is available for download here.