Study reveals gap between technical maturity and security culture in German companies
The latest study “Cybersecurity in Numbers” by G DATA CyberDefense, Statista, and brand eins shows that German companies have significantly expanded their IT security in recent years. Firewalls, endpoint protection, and awareness training are now standard in many organizations. Nevertheless, a deficit is apparent: While the technical maturity of IT security is rated predominantly positively, the IT security culture in one in four companies is only average or weak to non-existent.
More and more companies are investing in IT security technologies and services and are improving their level of cybersecurity maturity. They have comprehensive security measures in place, a strong awareness of security, and conduct regular audits. Seven out of ten respondents rate their employer’s IT security maturity as high or very high. This is one of the findings of the latest study “Cybersecurity in Numbers” by G DATA CyberDefense, Statista, and brand eins. However, nearly one third report existing gaps, missing processes, or insufficient resources. Companies with a lower level of maturity are not only a risk to themselves. As part of a supply chain, they also put other businesses at risk. Cybercriminals deliberately search for the weakest link in a chain of defense. Often, the initially attacked company is not the primary target, but rather a customer or supplier.
“German companies have made significant technological progress and have raised their IT security to a high level,” says Andreas Lüning, co-founder and member of the Executive Board of G DATA CyberDefense AG
. “However, from decades of experience, we know that sustainable security only emerges when technology and lived responsibility within the company go hand in hand — because cybercrime deliberately exploits organizational weaknesses along the supply chain. The task now is to anchor security culture as a strategic leadership responsibility and to assume joint accountability.”Strong Technology, Weak CultureIn many organizations, IT security is still understood purely as an IT project. One in four respondents rates the company’s security culture as only average or non-existent. On the other hand, one third describe their security culture as very strong. In these companies, cybersecurity is a central part of the corporate DNA, with clear policies, training programs, and security reviews. A security culture embraced by all employees is increasingly becoming a strategic issue for companies — not only from a technical perspective, but also from an economic one. Security incidents jeopardize supply chains, cause high costs, and damage reputation as well as the trust of customers and partners.
Download “Cybersecurity in Numbers”“Cybersecurity in Numbers” has now been published for the fifth time and stands out for its high information density and particular methodological depth: More than 5,000 employees in Germany were surveyed as part of a representative online study on cybersecurity in both professional and private contexts. The experts at Statista closely supported the survey and, thanks to a sample size that significantly exceeds the industry standard, are able to present reliable and valid market research results in the magazine “Cybersecurity in Numbers.” In addition, the market researchers have compiled figures, data, and facts from more than 300 statistics into a comprehensive reference work on IT security.
“Cybersecurity in Numbers” is available for download here. (Only in german)